CVE-2022-38329

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-38329
A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://albert5888.github.io/posts/CVE-2022-38329/
https://github.com/zhangqiquan/shopxian_cms/issues/4 Exploit Issue Tracking Third Party Advisory
https://albert5888.github.io/posts/CVE-2022-38329/
https://github.com/zhangqiquan/shopxian_cms/issues/4 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:shopxian:shopxian_cms:3.0.0:*:*:*:*:*:*:*
History

28 Mar 2025, 15:15

Type Values Removed Values Added
Summary (en) A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17. (en) A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.

21 Mar 2025, 15:15

Type Values Removed Values Added
Summary (en) An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnerability that can delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17. (en) A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17.

21 Nov 2024, 07:16

Type Values Removed Values Added
References () https://albert5888.github.io/posts/CVE-2022-38329/ - () https://albert5888.github.io/posts/CVE-2022-38329/ -
References () https://github.com/zhangqiquan/shopxian_cms/issues/4 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/zhangqiquan/shopxian_cms/issues/4 - Exploit, Issue Tracking, Third Party Advisory
Information

Published : 2022-09-13 21:15

Updated : 2025-03-28 15:15

NVD link : CVE-2022-38329

Mitre link : CVE-2022-38329

CVE.ORG link : CVE-2022-38329

JSON object : View

Products Affected

shopxian

  • shopxian_cms
CWE
CWE-352

Cross-Site Request Forgery (CSRF)