Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ec-cube | Lockon | 2.11.0 (including) | 2.11.0 (including) |
Ec-cube | Lockon | 2.11.0-beta (including) | 2.11.0-beta (including) |
Ec-cube | Lockon | 2.11.0-beta2 (including) | 2.11.0-beta2 (including) |
Ec-cube | Lockon | 2.11.1 (including) | 2.11.1 (including) |
Ec-cube | Lockon | 2.11.2 (including) | 2.11.2 (including) |
Ec-cube | Lockon | 2.11.3 (including) | 2.11.3 (including) |
Ec-cube | Lockon | 2.11.4 (including) | 2.11.4 (including) |
Ec-cube | Lockon | 2.11.5 (including) | 2.11.5 (including) |
Ec-cube | Lockon | 2.12.0 (including) | 2.12.0 (including) |
Ec-cube | Lockon | 2.12.1 (including) | 2.12.1 (including) |
Ec-cube | Lockon | 2.12.2 (including) | 2.12.2 (including) |
Ec-cube | Lockon | 2.12.3 (including) | 2.12.3 (including) |
Ec-cube | Lockon | 2.12.3en (including) | 2.12.3en (including) |
Ec-cube | Lockon | 2.12.3enp1 (including) | 2.12.3enp1 (including) |
Ec-cube | Lockon | 2.12.3enp2 (including) | 2.12.3enp2 (including) |
Ec-cube | Lockon | 2.12.4en (including) | 2.12.4en (including) |
Ec-cube | Lockon | 2.12.5 (including) | 2.12.5 (including) |
Ec-cube | Lockon | 2.12.5en (including) | 2.12.5en (including) |
Ec-cube | Lockon | 2.12.6 (including) | 2.12.6 (including) |
Ec-cube | Lockon | 2.12.6en (including) | 2.12.6en (including) |
Ec-cube | Lockon | 2.13.0 (including) | 2.13.0 (including) |