CVE-2013-5991

The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
lockonec-cube
2.11.0
lockonec-cube
2.11.0:beta
lockonec-cube
2.11.0:beta2
lockonec-cube
2.11.1
lockonec-cube
2.11.2
lockonec-cube
2.11.3
lockonec-cube
2.11.4
lockonec-cube
2.11.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN61077110/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104
http://www.ec-cube.net/info/weakness/weakness.php?id=54
http://jvn.jp/en/jp/JVN61077110/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104
http://www.ec-cube.net/info/weakness/weakness.php?id=54