Description

/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.

Remediation

References

CVE-2018-13067

Related Vulnerabilities

WordPress Plugin Titan Anti-spam & Security Security Bypass (7.3.0)

MySQL CVE-2020-14760 Vulnerability (CVE-2020-14760)

WordPress Plugin LearnPress-WordPress LMS Cross-Site Request Forgery (3.2.7.2)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12645)

WordPress Plugin WP Google Maps Unspecified Vulnerability (8.0.25)

Severity

High

Classification

CVE-2018-13067 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities