CSRF Vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3

CVE-2015-5665 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
