Cross site request forgery (csrf)

2010-04-2919:30:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%

JSON

Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.

CPENameOperatorVersion
alegrocarteq1.1

CPE	Name	Operator	Version
	alegrocart	eq	1.1

References

forum.alegrocart.com/viewtopic.php?f=8&t=54

osvdb.org/62073

packetstormsecurity.org/1002-exploits/alegrocart-xsrf.txt

secunia.com/advisories/38386

exchange.xforce.ibmcloud.com/vulnerabilities/56037