Description
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 is vulnerable to cross-site request forgery (CSRF): a forged request to the index.php?route=account/password URI can change a user's password.
Remediation
References