Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)

Description

/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.

Remediation

References

CVE-2018-13067

Related Vulnerabilities

WordPress Plugin GDPR Cookie Compliance Security Bypass (4.0.2)

WordPress Plugin Cookie Notification for WordPress-WP Cookie User Info includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

WordPress Plugin Comment Extra Fields 'cef-upload.php' Arbitrary File Upload (1.7)

WordPress Plugin Advanced Contact form 7 DB SQL Injection (1.6.1)

Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2022-21655)

Severity

High

Classification

CVE-2018-13067 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H