Moderate severity · NVD Advisory · Published Nov 24, 2021 · Updated Aug 3, 2024
CVE-2021-20842
Description
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ec-cube/ec-cube (Packagist) | >= 2.11.0, < 2.17.2 | 2.17.2 |
Affected products
- Range: 2.11.0 to 2.17.1
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-m9hv-qmqh-33qh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-20842 (ghsa, ADVISORY)
- jvn.jp/en/jp/JVN75444925/index.html (ghsa, x_refsource_MISC, WEB)
- www.ec-cube.net/info/weakness/20211111 (ghsa, WEB)
- www.ec-cube.net/info/weakness/20211111/ (mitre, x_refsource_MISC)