Description

Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-1610

Related Vulnerabilities

Django Resource Management Errors Vulnerability (CVE-2015-5145)

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies PHP Object Injection (1.5.7)

osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14396)

MySQL Other Vulnerability (CVE-2010-3682)

WordPress Plugin Easy WP SMTP PHP Object Injection (1.3.9)

Severity

Medium

Classification

CVE-2010-1610 CWE-352

Tags

Missing Update Known Vulnerabilities