Description

Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-1610

Related Vulnerabilities

WordPress Plugin bbPress Cross-Site Scripting (2.5.8)

ProjectSend Improper Input Validation Vulnerability (CVE-2017-9741)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Cross-Site Scripting (7.1.0)

Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-28981)

MySQL CVE-2020-14800 Vulnerability (CVE-2020-14800)

Severity

Medium

Classification

CVE-2010-1610 CWE-352

Tags

Missing Update Known Vulnerabilities