N/A

Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted page, and Mail Magazine Templates and/or transmitted history information may be deleted unintendedly.

N/A

N/A

Ec-cube 跨站请求伪造漏洞

Ec-cube是日本Ec-cube公司的一套开源的电子商务系统。 EC-CUBE 插件存在跨站请求伪造漏洞，该漏洞是由于对HTTP请求源的验证不足而存在的。远程攻击者可利用该漏洞可以欺骗受害者访问专门制作的网页，并代表受害者在脆弱的网站上执行任意操作。该漏洞允许远程攻击者可利用该漏洞执行跨站点请求伪造攻击。

N/A

N/A