Ryan0lb/EC-cloud-e-commerce-system-CVE-application

Ryan0lb/EC-cloud-e-commerce-system-CVE-application

GitHubGitHub
GitHubgithub.com
Releases0
Stars1
EC cloud e-commerce system CVE application
Log in to subscribe

CVE History

CVEPublishedCVSS v3CVSS v2
CVE-2020-21139
6.5 MEDIUM4.3 MEDIUM

EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add.