Lucene search
JpcertCVELIST:CVE-2022-21179HistoryFeb 24, 2022 - 9:50 a.m.
CVE-2022-21179
2022-02-2409:50:27
jpcert
www.cve.org
2
remote attacker
authentication hijack
administrator
crafted page
mail magazine
template
transmitted history
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin ‘Mail Magazine Management Plugin’ ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly.
CNA Affected
[
{
"product": "EC-CUBE plugin 'Mail Magazine Management Plugin'",
"vendor": "EC-CUBE CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series)"
}
]
}
]Related
osv
osv
CVE-2022-21179
2022-02-24 15:15:27
cve
cve
CVE-2022-21179
2022-02-24 15:15:27
jvn
jvn
nvd
nvd
CVE-2022-21179
2022-02-24 15:15:27
prion
prion
Cross site request forgery (csrf)
2022-02-24 15:15:00