Описание
EC-CUBE Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
Пакеты
Наименование
ec-cube/ec-cube
composer
Затронутые версииВерсия исправления
>= 2.11.0, <= 2.17.1
2.17.2
Связанные уязвимости
CVSS3: 6.5
nvd
около 4 лет назад
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.