Description
A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/zhangqiquan/shopxian_cms/issues/4
Various Sources
https://albert5888.github.io/posts/CVE-2022-38329/
Scores
CVSS v3
4.3
EPSS
0.0040
EPSS Percentile
31.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (1)
shopxian/shopxian_cms
3.0.0
Published
Sep 13, 2022
Tracked Since
Feb 18, 2026