CVE-2021-20842
packagist/ec-cube/ec-cube
Cross-Site Request Forgery (CSRF)
A Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series to allows a remote attacker to hijack the authentication of Administrators and delete Administrators via a specially crafted web page.
All versions starting from 2.11.0 up to 2.17.1
Upgrade to version 3.0.0 or above.
2021-11-30
source |