Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cs-Cart | Cs-Cart | <= 4.3.10 |
| Cs-Cart | Cs-Cart Multivendor | <= 4.3.10 |
Related Weaknesses (CWE)
References
- http://tips.cs-cart.jp/fix-csrf-20170406.htmlVendor Advisory
- https://jvn.jp/en/jp/JVN87770873/index.htmlThird Party AdvisoryVDB Entry
- http://tips.cs-cart.jp/fix-csrf-20170406.htmlVendor Advisory
- https://jvn.jp/en/jp/JVN87770873/index.htmlThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-2138?
CVE-2017-2138 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) al...
How severe is CVE-2017-2138?
CVE-2017-2138 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2138?
Check the references section above for vendor advisories and patch information. Affected products include: Cs-Cart Cs-Cart, Cs-Cart Cs-Cart Multivendor.