CVE-2021-20842

Cross-Site Request Forgery (CSRF) in packagist/ec-cube/ec-cube

Identifiers

CVE-2021-20842

Package Slug

packagist/ec-cube/ec-cube

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series allows a remote attacker to hijack the authentication of Administrators and delete Administrators via a specially crafted web page.

Affected Versions

All versions starting from 2.11.0 up to 2.17.1

Solution

Upgrade to version 3.0.0 or above.

Last Modified

2021-11-30
