exploitDog

CVE-2023-38130

Опубликовано: 17 нояб. 2023

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.

Ссылки

https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/
Vendor Advisory
https://jvn.jp/en/jp/JVN22220399/
Patch
Third Party Advisory
https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/
Vendor Advisory
https://jvn.jp/en/jp/JVN22220399/
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*

Версия до 6.5.3 (исключая)

EPSS

Процентиль: 78%

0.01091

Низкий

8.1 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-7q4j-xx7g-6mff

CVSS3: 8.1

github

около 2 лет назад

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.

EPSS

Процентиль: 78%

0.01091

Низкий

8.1 High

CVSS3

Дефекты

CWE-352