Lucene search
China National Vulnerability DatabaseCNVD-2022-03132HistoryNov 12, 2021 - 12:00 a.m.
EC-CUBE Cross-site Request Forgery Vulnerability (CNVD-2022-03132)
2021-11-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
0.001 Low
EPSS
Percentile
44.3%
EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges into visiting a malicious page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| LOCKON CO.LTD EC-CUBE >=2.11.0, | le | 2.17.1 |
Related
osv
osv
EC-CUBE Cross-site request forgery (CSRF) vulnerability
2022-05-24 19:21:18
CVE-2021-20842
2021-11-24 16:15:13
prion
prion
Cross site request forgery (csrf)
2021-11-24 16:15:00
cvelist
cvelist
CVE-2021-20842
2021-11-24 08:25:42
nvd
nvd
CVE-2021-20842
2021-11-24 16:15:13
cve
cve
CVE-2021-20842
2021-11-24 16:15:13
github
github
EC-CUBE Cross-site request forgery (CSRF) vulnerability
2022-05-24 19:21:18
jvn
jvn
JVN#75444925: Multiple vulnerabilities in EC-CUBE 2 series
2021-11-11 00:00:00