Summary
The host is running OpenCart and is prone to a cross-site request forgery (CSRF) vulnerability.
Impact
Successful exploitation will allow attackers to perform CSRF attacks, which will aid in further attacks.
Impact Level: Application
Solution
Upgrade to OpenCart version 1.4.8 or later.
For updates refer to http://www.opencart.com
Insight
The flaw is caused by improper validation of user-supplied input in index.php, which allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to 'user/user/insert'. Because the vulnerable route accepts any authenticated POST, a request issued by a third-party page in the administrator's browser carries the administrator's session cookie and is processed as if the administrator had submitted it.
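The standard mitigation for a flaw of this kind is a synchronizer token: the server stores an unguessable per-session token, embeds it in its own forms, and refuses any state-changing POST that does not echo it back. The following is an added illustration of that check, written here for this advisory and not taken from OpenCart's code base; the function names, the session and POST arrays, and the way the route is matched are all assumptions.

```php
<?php
// Added example (not OpenCart code): synchronizer-token check guarding the
// 'user/user/insert' POST route described in the advisory.
// Function names and the session/post array shapes are assumptions.

// Issue a fresh, unguessable token and store it in the session.
function generate_csrf_token(array &$session): string {
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

// A request is acceptable only if it echoes the token held in the session.
function validate_csrf_token(array $session, array $post): bool {
    if (empty($session['csrf_token']) || empty($post['csrf_token'])) {
        return false;
    }
    // hash_equals() compares in constant time so that token bytes do not leak via timing.
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// Routes that change state and therefore must carry a valid token.
// Only the route named in the advisory is listed; a real deployment would cover
// every state-changing admin route.
const PROTECTED_ROUTES = ['user/user/insert'];

// Decide whether a request may reach its handler.
function should_process(string $method, string $route, array $session, array $post): bool {
    if ($method !== 'POST' || !in_array($route, PROTECTED_ROUTES, true)) {
        return true; // not a protected state change; no token required
    }
    return validate_csrf_token($session, $post);
}

// Demonstration with constructed data.
$session = [];
$token = generate_csrf_token($session);

// A form rendered by the admin UI includes the token, so it is accepted.
$legitimate = ['username' => 'newadmin', 'csrf_token' => $token];
var_dump(should_process('POST', 'user/user/insert', $session, $legitimate));

// A request forged by another origin cannot read the victim's session token,
// so it arrives without one (or with a wrong one) and is rejected.
$forged = ['username' => 'newadmin'];
var_dump(should_process('POST', 'user/user/insert', $session, $forged));

// A stale token from a previous session is rejected as well.
$stale = ['username' => 'newadmin', 'csrf_token' => str_repeat('0', 64)];
var_dump(should_process('POST', 'user/user/insert', $session, $stale));
```

Two points in the design matter in practice: the token must be tied to the session rather than being a fixed site-wide value, and the comparison must be constant-time. Checking the `Origin` or `Referer` header is a useful second layer but is not a substitute for the token, since those headers are not always present.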
Affected
OpenCart Version 1.4.7 and prior.
References
CVE: CVE-2010-1610
Severity
CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)