Cross site request forgery (csrf)

2011-01-2019:00:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
vam_shople1.6.1
vam_shopeq1.6

CPE	Name	Operator	Version
	vam_shop	le	1.6.1
	vam_shop	eq	1.6

References

osvdb.org/70431

secunia.com/advisories/42869

www.htbridge.ch/advisory/xsrf_csrf_in_vam_shop.html

www.securityfocus.com/archive/1/515613/100/0/threaded

www.exploit-db.com/exploits/15968