Vulnerability Details CVE-2021-20842
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Products affected by CVE-2021-20842
- cpe:2.3:a:ec-cube:ec-cube:2.11.0
- cpe:2.3:a:ec-cube:ec-cube:2.11.1
- cpe:2.3:a:ec-cube:ec-cube:2.11.2
- cpe:2.3:a:ec-cube:ec-cube:2.11.3
- cpe:2.3:a:ec-cube:ec-cube:2.11.4
- cpe:2.3:a:ec-cube:ec-cube:2.11.5
- cpe:2.3:a:ec-cube:ec-cube:2.12.0
- cpe:2.3:a:ec-cube:ec-cube:2.12.1
- cpe:2.3:a:ec-cube:ec-cube:2.12.2
- cpe:2.3:a:ec-cube:ec-cube:2.12.3
- cpe:2.3:a:ec-cube:ec-cube:2.12.4
- cpe:2.3:a:ec-cube:ec-cube:2.12.5
- cpe:2.3:a:ec-cube:ec-cube:2.12.6
- cpe:2.3:a:ec-cube:ec-cube:2.13.0
- cpe:2.3:a:ec-cube:ec-cube:2.13.1
- cpe:2.3:a:ec-cube:ec-cube:2.13.2
- cpe:2.3:a:ec-cube:ec-cube:2.13.3
- cpe:2.3:a:ec-cube:ec-cube:2.13.4
- cpe:2.3:a:ec-cube:ec-cube:2.13.5
- cpe:2.3:a:ec-cube:ec-cube:2.17.0
- cpe:2.3:a:ec-cube:ec-cube:2.17.1