CSRF Vulnerability in EC-CUBE Mail Magazine Management Plugin
CVE-2022-21179

4.3MEDIUM

Key Information:

Vendor: Ec-cube Co.,ltd.
Status: Ec-cube Plugin 'mail Magazine Management Plugin'
Vendor: CVE Published:; 24 February 2022

🔔 Create Ec-cube Co.,ltd. Vulnerability Alert

What is CVE-2022-21179?

A cross-site request forgery (CSRF) vulnerability exists within the EC-CUBE Mail Magazine Management Plugin versions 4.0.0 through 4.1.1 and 1.0.0 through 1.0.4. This vulnerability enables an unauthenticated remote attacker to craft a malicious page that can hijack the authentication session of an administrator. The exploitation of this vulnerability may result in the unauthorized deletion of Mail Magazine Templates and the associated transmission history, posing a significant risk to the integrity of admin operations.

Affected Version(s)

EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series)

References

https://www.ec-cube.net/info/weakness/20220221/mail_magaz...

x_refsource_MISC

https://jvn.jp/en/jp/JVN67108459/index.html

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Feb 18, 2022