CNVD (China National Vulnerability Database): CNVD-2022-77863
History: May 17, 2022 - 12:00 a.m.

EC-CUBE Easy Blog for EC-CUBE4 Cross-Site Request Forgery Vulnerability

2022-05-17 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
ec-cube
easy blog
content management system
japan
vulnerability
cross-site request forgery
authentication
http requests
remote attack
unauthenticated
administrator
delete
blog posts
categories

EPSS

0.001

Percentile

26.8%

EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery (CSRF), which stems from insufficient verification of the source of HTTP requests. A remote, unauthenticated attacker could hijack the administrator's authentication and delete blog posts or categories via a crafted page.
