Opencart is vulnerable to cross-site request forgery (CSRF) attack. The library does not validate the user token during a password update, allowing a malicious user to change the password via a cross-site request forgery attack.
CPE | Name | Operator | Version |
---|---|---|---|
opencart/opencart | le | 3.1.0.0_a1 |