{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-38329", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-28T15:06:34.318Z", "dateReserved": "2022-08-15T00:00:00.000Z", "datePublished": "2022-09-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-28T15:06:34.318Z"}, "descriptions": [{"lang": "en", "value": "A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/zhangqiquan/shopxian_cms/issues/4"}, {"url": "https://albert5888.github.io/posts/CVE-2022-38329/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:54:02.345Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/zhangqiquan/shopxian_cms/issues/4", "tags": ["x_transferred"]}, {"url": "https://albert5888.github.io/posts/CVE-2022-38329/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shopxian:shopxian_cms:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3E351B5-8095-4F9D-B555-EBD4349D1985", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues."}, {"lang": "es", "value": "Se ha detectado un problema en Shopxian CMS versi\u00f3n 3.0.0. Se presenta una vulnerabilidad de tipo CSRF que puede eliminar la columna especificada por medio del archivo index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17"}], "id": "CVE-2022-38329", "lastModified": "2025-03-28T15:15:42.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T21:15:09.537", "references": [{"source": "cve@mitre.org", "url": "https://albert5888.github.io/posts/CVE-2022-38329/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/zhangqiquan/shopxian_cms/issues/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://albert5888.github.io/posts/CVE-2022-38329/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/zhangqiquan/shopxian_cms/issues/4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}