Description

Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-1610

Related Vulnerabilities

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0790)

ZenCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2005-3996)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)

WordPress Plugin Rockhoist Badges Cross-Site Scripting (1.2.2)

Severity

Medium

Classification

CVE-2010-1610 CWE-352

Tags

Missing Update Known Vulnerabilities