CVE-2018-13067
OpenCart up to version 3.0.2.0 is affected by a CSRF vulnerability in /upload/catalog/controller/account/password.php, exploitable via the index.php?route=account/password URI. The root cause is CSRF protection weakness when updating a user password, enabling an attacker to change a password with...