Lucene search

[email protected]NVD:CVE-2020-28838

HistoryDec 11, 2020 - 3:15 p.m.

CVE-2020-28838

2020-12-1115:15:12

CWE-352

[email protected]

web.nvd.nist.gov

opencart

csrf

cart option

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.

Affected configurations

Nvd

Node

opencartopencartMatch3.0.3.6

VendorProductVersionCPE
opencartopencart3.0.3.6cpe:2.3:a:opencart:opencart:3.0.3.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opencart	opencart	3.0.3.6	cpe:2.3:a:opencart:opencart:3.0.3.6:::::::*

References

www.exploit-db.com/exploits/49228

www.opencart.com/

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

Related for NVD:CVE-2020-28838

osv2 cve1 prion1 cvelist1 github1