Medium severity 6.5 · NVD Advisory · Published Nov 24, 2021 · Updated Jun 17, 2026
CVE-2021-20842
Description
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ec-cube/ec-cube (Packagist) | >= 2.11.0, < 2.17.2 | 2.17.2 |
Affected products (2)
- Range: 2.11.0 to 2.17.1
References (5)
- www.ec-cube.net/info/weakness/20211111/ (nvd: Exploit, Patch, Vendor Advisory)
- github.com/advisories/GHSA-m9hv-qmqh-33qh (ghsa: ADVISORY)
- jvn.jp/en/jp/JVN75444925/index.html (nvd: Third Party Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2021-20842 (ghsa: ADVISORY)
- www.ec-cube.net/info/weakness/20211111 (ghsa: WEB)