PT-2021-14286 · Ec Cube · Ec-Cube

Published: 2021-11-24 · Updated: 2022-05-24 · CVE-2021-20842

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: EC-CUBE 2 series versions 2.11.0 through 2.17.1
Description: A cross-site request forgery (CSRF) issue allows a remote attacker to hijack the authentication of an Administrator and potentially delete the Administrator account via a specially crafted web page.
Recommendations: For versions 2.11.0 through 2.17.1, consider implementing CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to Administrator functions until a patch is available. Avoid using the affected EC-CUBE 2 series versions until the issue is resolved.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2021-20842
GHSA-M9HV-QMQH-33QH

Affected Products

Ec-Cube