CVE-2017-2138

2017-08-0216:00:00

jpcert

www.cve.org

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CNA Affected

[
  {
    "product": "CS-Cart Japanese Edition",
    "vendor": "Frogman Office Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "v4.3.10 and earlier (excluding v2 and v3)"
      }
    ]
  },
  {
    "product": "CS-Cart Multivendor Japanese Edition",
    "vendor": "Frogman Office Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "v4.3.10 and earlier (excluding v2 and v3)"
      }
    ]
  }
]

References

tips.cs-cart.jp/fix-csrf-20170406.html

jvn.jp/en/jp/JVN87770873/index.html