EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges into visiting a malicious page.
CPE | Name | Operator | Version |
---|---|---|---|
LOCKON CO.LTD EC-CUBE >=2.11.0, | le | 2.17.1 |