CSRF Vulnerability in EC-CUBE Mail Magazine Management Plugin
CVE-2022-21179

4.3MEDIUM

Key Information:

Vendor: Ec-cube Co.,ltd.
Status: Ec-cube Plugin 'mail Magazine Management Plugin'
Vendor: CVE Published:; 24 February 2022

🔔 Create Ec-cube Co.,ltd. Vulnerability Alert

What is CVE-2022-21179?

A cross-site request forgery (CSRF) vulnerability exists within the EC-CUBE Mail Magazine Management Plugin versions 4.0.0 through 4.1.1 and 1.0.0 through 1.0.4. This vulnerability enables an unauthenticated remote attacker to craft a malicious page that can hijack the authentication session of an administrator. The exploitation of this vulnerability may result in the unauthorized deletion of Mail Magazine Templates and the associated transmission history, posing a significant risk to the integrity of admin operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series)

References

https://www.ec-cube.net/info/weakness/20220221/mail_magaz...

x_refsource_MISC

https://jvn.jp/en/jp/JVN67108459/index.html

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Feb 18, 2022

JSON

Ec-cube Co.,ltd.

What is CVE-2022-21179?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.