CVE-2022-38329

MEDIUM

Shopxian CMS 3.0.0 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/zhangqiquan/shopxian_cms/issues/4

Scores

CVSS v3 4.3
EPSS 0.0040
EPSS Percentile 31.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (1)
shopxian/shopxian_cms 3.0.0
Published Sep 13, 2022
Tracked Since Feb 18, 2026