Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-m9hv-qmqh-33qh

GitHub Security Advisory

EC-CUBE Cross-site request forgery (CSRF) vulnerability

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.

Affected Packages

Packagist ec-cube/ec-cube
Affected versions: 2.11.0 (fixed in 2.17.2)

Related CVEs

CVE-2021-20842

Key Information

GHSA ID
GHSA-m9hv-qmqh-33qh
Published
May 24, 2022 7:21 PM
Last Modified
April 25, 2024 8:40 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
ec-cube/ec-cube
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.