CVE-2024-37212

High | 8.8
No Exploit

Plain English Summary

This vulnerability lets an attacker trick a logged-in user into performing actions in Ali2Woo Lite without their consent, potentially leading to unauthorized changes or data exposure. It affects versions up to 3.3.5 and requires the victim to be logged in to the site when their browser is induced to send the attacker's forged request.

Technical Description

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite. This issue affects Ali2Woo Lite: from n/a through 3.3.5.

CVSS Vector Analysis

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Scope: Unchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Est. Bounty: $4,789 ($1K-$5K)
Vendor Response: Grade F, patched in 616 days

Quick Information

Published: Jun 21, 2024
Last Modified: Feb 27, 2026
Vendor: ali2woo
Product: aliexpress dropshipping with alinext