Summary
The host is running OpenCart and is prone to a cross-site request forgery (CSRF) vulnerability.
Impact
Successful exploitation allows an attacker to trick a logged-in administrator into submitting a request that creates a new administrative account chosen by the attacker. With that account the attacker has full control of the store's administration panel, which can be used as a foothold for further attacks.
Impact Level: Application
Solution
Upgrade to OpenCart version 1.4.8 or later.
For updates refer to http://www.opencart.com
Insight
The flaw exists because the administration front controller (index.php) acts on state-changing POST requests on the strength of the session cookie alone, without a per-session anti-CSRF token or any other proof that the request was produced by the application's own form. An attacker who lures an authenticated administrator to a page under the attacker's control can have that page submit a hidden form to index.php with the route parameter set to 'user/user/insert'; the victim's browser attaches the administrator's session cookie and OpenCart creates the administrative account the attacker specified.
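The following is an added illustration, not OpenCart's code and not the 1.4.8 patch: a small model of the dispatcher behaviour the advisory describes (any authenticated POST to route=user/user/insert is honoured) beside a hardened dispatcher that requires a per-session token and, as a second line of defence, rejects a mismatching Origin header. The route string is the one the advisory names; the form field names, the token field name and the hostname shop.example are assumptions. The forged and legitimate requests are constructed inline.

```python
"""Model of the CSRF weakness behind CVE-2010-1610 and the token check that closes it.

Added example, not OpenCart code. The field names username/password/user_group_id,
the form field "token" and the hostname shop.example are assumptions; the route
user/user/insert is the one the advisory names.
"""
import hmac
import secrets
from dataclasses import dataclass, field

ADMIN_ORIGIN = "https://shop.example"     # assumed origin of the admin panel
ADMIN_CREATE_ROUTE = "user/user/insert"   # route named in the advisory


@dataclass
class Session:
    """Server-side session of a logged-in administrator; the browser only holds its cookie."""
    user_id: int
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    """The parts of an HTTP request the dispatcher looks at."""
    method: str
    route: str
    form: dict
    headers: dict = field(default_factory=dict)


def create_user(users, form):
    """Persist the new administrator (assumed field names)."""
    users.append({"username": form["username"], "user_group_id": form["user_group_id"]})


def vulnerable_dispatch(req, session, users):
    """Pre-1.4.8 behaviour as the advisory describes it: the session cookie is the only
    thing checked, so a form built by a third-party page is accepted like any other."""
    if req.method == "POST" and req.route == ADMIN_CREATE_ROUTE:
        create_user(users, req.form)
        return 200
    return 404


def hardened_dispatch(req, session, users):
    """Same dispatcher with two checks in front of every state-changing POST.
    The token is the primary control: a cross-site page cannot read the victim's
    session token, so it cannot include it. The Origin check is secondary because
    some clients omit the header, which is why its absence is tolerated."""
    if req.method == "POST":
        supplied = req.form.get("token", "")
        if not hmac.compare_digest(supplied, session.csrf_token):
            return 403
        origin = req.headers.get("Origin")
        if origin is not None and origin != ADMIN_ORIGIN:
            return 403
    return vulnerable_dispatch(req, session, users)


def run_scenarios():
    """Replay one forged and one legitimate request against both dispatchers.
    Returns {scenario: (status, number of accounts created)}."""
    victim = Session(user_id=1)        # administrator whose browser is lured
    attacker = Session(user_id=2)      # attacker's own (unprivileged) session, for the token-swap case
    new_admin = {"username": "backdoor", "password": "attacker-chosen", "user_group_id": 1}

    # Constructed cross-site submission: the victim's browser attaches the victim's
    # cookie, but the attacker's page knows neither the victim's token nor can it
    # spoof the Origin header.
    forged = Request("POST", ADMIN_CREATE_ROUTE, dict(new_admin),
                     {"Origin": "https://attacker.example"})
    forged_with_own_token = Request("POST", ADMIN_CREATE_ROUTE,
                                    dict(new_admin, token=attacker.csrf_token),
                                    {"Origin": "https://attacker.example"})
    legit = Request("POST", ADMIN_CREATE_ROUTE,
                    dict(new_admin, username="alice", token=victim.csrf_token),
                    {"Origin": ADMIN_ORIGIN})

    results = {}
    for name, dispatch, req in (
        ("vulnerable_forged", vulnerable_dispatch, forged),
        ("hardened_forged", hardened_dispatch, forged),
        ("hardened_forged_with_attacker_token", hardened_dispatch, forged_with_own_token),
        ("hardened_legit", hardened_dispatch, legit),
    ):
        users = []
        results[name] = (dispatch(req, victim, users), len(users))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: status={outcome[0]} accounts_created={outcome[1]}")
```

The token-swap scenario is the one worth checking when reviewing a fix: a token that is merely "some valid token" rather than the one bound to the victim's own session does not stop an attacker who has a low-privilege account of their own.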
Affected
OpenCart Version 1.4.7 and prior.
References
CVE: CVE-2010-1610
Severity
CVSS Base Score: 6.8 (Medium)
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P