CVE-2022-36250

8.8 HIGH

📋 TL;DR

Shop Beat Media Player versions 2.5.95 through 3.2.57 are vulnerable to Cross-Site Request Forgery (CSRF): the application accepts state-changing requests that carry a valid session cookie without any token or origin check tying the request to the user's own interaction, so an attacker who lures a logged-in user onto a page they control can have that user's browser perform actions the user never intended. Every authenticated user of an affected version is exposed, and the impact scales with the victim's privileges, up to full administrative actions when the victim is an administrator.

💻 Affected Systems

Products:
  • Shop Beat Media Player
Versions: 2.5.95 through 3.2.57 (inclusive)
Operating Systems: All platforms where Shop Beat Media Player runs
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable unless custom CSRF protections have been implemented.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker who lures a logged-in administrator to a page they control can have the administrator's browser submit configuration changes, add or remove users, or modify content, all without the administrator's knowledge or consent.

🟠 Likely Case

Attackers trick ordinary users into changing their own settings, modifying content, or performing other actions within their privilege level.

🟢 If Mitigated

With anti-CSRF tokens enforced on every state-changing request, a forged request lacks a valid token and is rejected even when the user has been tricked into loading a malicious page.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

A CSRF attack needs no credentials of its own: the victim must hold an active authenticated session and load attacker-controlled content (a page, an image tag, or an auto-submitting form) while logged in, and the browser then attaches the victim's session cookie to the forged request automatically. This is what the "Unauthenticated Exploit: No" entry refers to: the forged request is authenticated, but as the victim rather than the attacker.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: A release later than 3.2.57; confirm the exact fixed build with the vendor before upgrading.

Vendor Advisory: https://www.shopbeat.co.za

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download the latest version from the Shop Beat website.
3. Install the update following the vendor's instructions.
4. Restart the application/service.
5. Verify functionality and confirm the reported version is above 3.2.57.

🔧 Temporary Workarounds

These workarounds assume you can change the application's code or templates, or can front it with a reverse proxy that rewrites requests and responses; they reduce exposure but do not replace the vendor fix.

Implement CSRF Tokens

Add anti-CSRF tokens to all state-changing requests and reject any request whose token does not match the value bound to the user's session; compare tokens in constant time so the check does not leak timing information.

SameSite Cookie Attribute

Set SameSite=Strict or Lax on the session cookie so the browser withholds it from cross-site requests. Lax still sends the cookie on top-level GET navigations, so it only protects if no state-changing action is reachable via GET; Strict closes that gap but also breaks legitimate links into the application from other sites.

🧯 If You Can't Patch

  • At a reverse proxy or WAF in front of the player, reject state-changing requests (POST/PUT/PATCH/DELETE) whose Origin header, or Referer when Origin is absent, does not match the application's own origin; there is no generic "CSRF signature" to match on, because a forged request is byte-for-byte a legitimate one apart from these headers and the missing token
  • Require re-authentication (or a second factor) for sensitive actions such as user management and configuration changes, and implement the double-submit cookie pattern with the token bound to the session
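The two checks described in the workarounds (an Origin/Referer allow-list and a double-submit cookie) combined into one framework-independent gate for state-changing requests. This is an added example, not Shop Beat code and not the vendor's fix; the deployment origin, cookie names, endpoint behaviour and secret are assumptions for illustration. The token is HMAC-bound to the session cookie so that a cookie an attacker manages to plant (for example from a sibling subdomain) cannot pair with a forged form field.

```python
"""Origin allow-list plus session-bound double-submit cookie for CSRF defence.

Added example, not Shop Beat code. Origins, cookie names and the secret
below are placeholders."""
import hashlib
import hmac
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://player.example.internal"}  # assumed deployment origin
SERVER_SECRET = b"replace-with-32-random-bytes-from-os.urandom"  # placeholder only
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def origin_of(url):
    """Reduce a URL to scheme://host[:port] for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def origin_allowed(headers):
    """Browsers send Origin on every cross-site POST, so a request with neither
    Origin nor an allow-listed Referer is rejected rather than waved through."""
    origin = headers.get("Origin")
    if origin is None and headers.get("Referer"):
        origin = origin_of(headers["Referer"])
    return origin is not None and origin.lower() in ALLOWED_ORIGINS


def issue_csrf_token(session_id):
    """Value to set in the csrf_token cookie and to embed in every form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(cookies, form, session_id):
    """Both copies must equal the session-bound value; constant-time compares."""
    expected = issue_csrf_token(session_id).encode()
    cookie_token = cookies.get("csrf_token", "").encode()
    form_token = form.get("csrf_token", "").encode()
    return (hmac.compare_digest(cookie_token, expected)
            and hmac.compare_digest(form_token, expected))


def request_allowed(method, headers, cookies, form):
    """Gate to run before any handler. Safe methods pass, which is only sound
    if the application never changes state on GET."""
    if method.upper() not in STATE_CHANGING:
        return True
    session_id = cookies.get("session")
    if not session_id:
        return False
    return origin_allowed(headers) and csrf_token_valid(cookies, form, session_id)


def demo():
    """Constructed requests: one legitimate, four forged in different ways."""
    sid = "s3ss10n-id"
    tok = issue_csrf_token(sid)
    # The browser attaches these cookies to a forged request as well.
    cookies = {"session": sid, "csrf_token": tok}
    own = {"Origin": "https://player.example.internal"}
    return {
        "legitimate": request_allowed("POST", own, cookies, {"csrf_token": tok}),
        "forged_cross_site": request_allowed(
            "POST", {"Origin": "https://attacker.example"}, cookies, {}),
        "forged_referer_only": request_allowed(
            "POST", {"Referer": "https://attacker.example/lure.html"},
            cookies, {"csrf_token": "guess"}),
        "no_origin_or_referer": request_allowed("POST", {}, cookies, {"csrf_token": tok}),
        "token_from_other_session": request_allowed(
            "POST", own, cookies, {"csrf_token": issue_csrf_token("other-session")}),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:26s} {'ALLOWED' if allowed else 'REJECTED'}")
```

Only the legitimate request passes; the cross-site request fails the origin check before the token is even examined, and the request with a token minted for a different session fails the HMAC comparison. The GET pass-through is the weak point to keep in mind: it mirrors the SameSite=Lax caveat above and is only safe if no state-changing action is reachable by GET.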

🔍 How to Verify

Check if Vulnerable:

Check application version in admin panel or configuration files. If version is between 2.5.95 and 3.2.57 inclusive, it's vulnerable.

Check Version:

Check admin panel or configuration files for version information

Verify Fix Applied:

Verify version is above 3.2.57 and test CSRF protection by attempting to submit forms without valid tokens.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed state-changing requests from same IP
  • Requests missing expected CSRF tokens
  • Unusual administrative actions from unexpected user sessions

Network Indicators:

  • State-changing requests (POST/PUT/PATCH/DELETE) whose Referer or Origin header is missing or names a host other than the application's own
  • Origin header values of null or of hosts that never serve the application's pages

SIEM Query:

source="web_logs" AND (http_method="POST" OR http_method="PUT") AND NOT csrf_token=* AND response_code=200

This query presupposes that a csrf_token field is extracted into the logs. Standard access logs record neither form fields nor the Origin header, so the log format must be extended (for example by appending the Origin and Referer request headers) before this query or an origin-mismatch search will return anything.
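The network indicators above turned into detection logic over access logs. This is an added example, not part of the advisory or any vendor tooling. It assumes a custom log format that appends the Origin request header as a final quoted field after the combined format (the stock combined format does not record Origin), and the sample lines, addresses, users, paths and origins are constructed for illustration.

```python
"""Flag successful state-changing requests with a missing or foreign
Origin/Referer in web access logs.

Added example, not vendor tooling. Assumes combined log format plus the
Origin header as a trailing quoted field; all sample data is constructed."""
import re
from urllib.parse import urlsplit

OWN_ORIGINS = {"https://player.example.internal"}  # assumed origin the player is served from
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# combined format + "%{Origin}i" as the last quoted field (assumed format)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*" "(?P<origin>[^"]*)"$'
)

# Constructed sample lines; paths, users and addresses are invented.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Aug/2022:10:15:32 +0000] "POST /admin/settings HTTP/1.1" 200 512 "https://player.example.internal/admin/settings" "Mozilla/5.0" "https://player.example.internal"
10.0.0.5 - admin [12/Aug/2022:10:17:02 +0000] "POST /admin/settings HTTP/1.1" 200 512 "https://attacker.example/lure.html" "Mozilla/5.0" "https://attacker.example"
10.0.0.9 - editor [12/Aug/2022:10:18:44 +0000] "POST /content/update HTTP/1.1" 302 0 "-" "Mozilla/5.0" "-"
10.0.0.9 - editor [12/Aug/2022:10:19:10 +0000] "GET /content/list HTTP/1.1" 200 2048 "https://attacker.example/lure.html" "Mozilla/5.0" "-"
10.0.0.5 - admin [12/Aug/2022:10:20:00 +0000] "POST /admin/users HTTP/1.1" 403 0 "https://attacker.example/lure.html" "Mozilla/5.0" "https://attacker.example"
"""


def origin_of(url):
    """Reduce a URL to scheme://host[:port] for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def classify(entry):
    """Return a reason if the entry is a successful cross-site state change,
    else None. Safe methods are skipped: CSRF via GET would only matter if the
    application changes state on GET, which the log alone cannot show."""
    if entry["method"] not in STATE_CHANGING:
        return None
    if int(entry["status"]) >= 400:
        return None  # rejected anyway; a 403 here suggests a defence fired
    origin = entry["origin"] if entry["origin"] != "-" else None
    referer = entry["referer"] if entry["referer"] != "-" else None
    if origin is None and referer is None:
        return "state change with no Origin or Referer"
    effective = (origin or origin_of(referer)).lower()
    if effective not in OWN_ORIGINS:
        return f"state change from foreign origin {effective}"
    return None


def suspicious_requests(log_text):
    """Parse each line and collect the entries classify() flags."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        entry = m.groupdict()
        reason = classify(entry)
        if reason:
            findings.append({"ip": entry["ip"], "user": entry["user"],
                             "path": entry["path"], "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample, two lines are flagged: the POST to /admin/settings with an attacker origin, and the redirect-producing POST to /content/update that carried neither header. The GET with a foreign Referer and the POST answered with 403 are deliberately left alone; the former is invisible to this check unless the application changes state on GET, and the latter shows an existing defence working.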
