CVE-2022-21179

MEDIUM

EC-CUBE Mail Magazine Management Plugin 1.0.0-1.0.4 - Cross-Site Request Forgery

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in the EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page. As a result, Mail Magazine Templates and/or transmitted history information may be deleted unintentionally.

References (2)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://jvn.jp/en/jp/JVN67108459/index.html

Scores

CVSS v3 4.3
EPSS 0.0046
EPSS Percentile 37.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (1)
ec-cube/e-mail_newsletter_management 1.0.0 - 1.0.4
Published Feb 24, 2022
Tracked Since Feb 18, 2026