8 matches found
CVE-2022-21179
Cross-site request forgery CSRF vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
CVE-2022-21179
Cross-site request forgery CSRF vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
CVE-2022-21179
Cross-site request forgery CSRF vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
CVE-2022-21179
Cross-site request forgery CSRF vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
CVE-2022-21179
The CVE-2022-21179 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the EC-CUBE plugin Mail Magazine Management Plugin, affecting versions 4.0.0–4.1.1 (EC-CUBE 4 series) and 1.0.0–1.0.4 (EC-CUBE 3 series). A remote unauthenticated attacker can hijack an administrator’s session...
EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery
Overview EC-CUBE plugin "Mail Magazine Management Plugin" provided by EC-CUBE CO.,LTD. contains a cross-site request forgery vulnerability CWE-352. Kenta Yamamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
JVN#67108459: EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery
EC-CUBE plugin "Mail Magazine Management Plugin" provided by EC-CUBE CO.,LTD. contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in to EC-CUBE which the plugin is installed, Mail Magazine Templates...