CVE-2019-19685
CVE-2019-19685 concerns a CSRF flaw in RoxyFileman shipped with nopCommerce v4.2.0. The issue arises because GET requests can perform state-changing actions (renames and deletions), enabling an attacker to induce unintended requests from an authenticated user. The affected component is RoxyFilema...