CVE-2022-21179

Name of the Vulnerable Software and Affected Versions EC-CUBE plugin 'Mail Magazine Management Plugin' versions 4.0.0 through 4.1.1 (for EC-CUBE 4 series) EC-CUBE plugin 'Mail Magazine Management Plugin' versions 1.0.0 through 1.0.4 (for EC-CUBE 3 series)

Description A cross-site request forgery (CSRF) issue allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page. This could result in the unintended deletion of Mail Magazine Templates and/or transmitted history information.

Recommendations For versions 4.0.0 through 4.1.1 (for EC-CUBE 4 series), consider disabling the 'Mail Magazine Management Plugin' until a patch is available to prevent exploitation. For versions 1.0.0 through 1.0.4 (for EC-CUBE 3 series), restrict access to the plugin's functionality to minimize the risk of exploitation. As a temporary workaround, avoid using the plugin's features that may be vulnerable to CSRF attacks until the issue is resolved.