CVE-2010-1611

2010-04-2919:00:00

mitre

www.cve.org

7.2 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%

JSON

Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.

References

forum.alegrocart.com/viewtopic.php?f=8&t=54

osvdb.org/62073

packetstormsecurity.org/1002-exploits/alegrocart-xsrf.txt

secunia.com/advisories/38386

exchange.xforce.ibmcloud.com/vulnerabilities/56037