Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php.

Remediation

References

CVE-2011-4403

Related Vulnerabilities

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-24816)

WordPress Plugin Social Sharing Toolkit Cross-Site Scripting (2.6)

WebLogic Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-11040)

Apache HTTP Server Numeric Errors Vulnerability (CVE-2006-3747)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1023)

Severity

Medium

Classification

CVE-2011-4403 CWE-352

Tags

Missing Update Known Vulnerabilities