CVE-2022-38329

Published: Sep 13, 2022Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.

Affected (1)

Products: Shopxian: Shopxian Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shopxian Shopxian Cms	Version 3.0.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://albert5888.github.io/posts/CVE-2022-38329/

Source: cve@mitre.org

https://github.com/zhangqiquan/shopxian_cms/issues/4

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://albert5888.github.io/posts/CVE-2022-38329/

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/zhangqiquan/shopxian_cms/issues/4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.