CVE-2022-38329

Exploit

EPSS 0.37%
Veröffentlicht 13.09.2022 21:15:09
Zuletzt bearbeitet 28.03.2025 15:15:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shopxian ≫ Shopxian Cms Version3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.581

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://albert5888.github.io/posts/CVE-2022-38329/

https://github.com/zhangqiquan/shopxian_cms/issues/4

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-38329

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38329

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38329

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-38329