CVE-2022-38329

A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
shopxianshopxian_cms
3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://albert5888.github.io/posts/CVE-2022-38329/
https://github.com/zhangqiquan/shopxian_cms/issues/4
https://albert5888.github.io/posts/CVE-2022-38329/
https://github.com/zhangqiquan/shopxian_cms/issues/4