Description
Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin S3 Video Cross-Site Scripting (0.982)
Serendipity Other Vulnerability (CVE-2005-3129)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8289)
WordPress Plugin Server Status by Hostname/IP SQL Injection (4.6)
WordPress Plugin Conduit Banner 'banner-index-field-id' Parameter Cross-Site Scripting (0.2)