Description
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.
Remediation
References
Related Vulnerabilities
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-34944)
WordPress Plugin Video Downloader for TikTok Directory Traversal (1.3)
WordPress Plugin WP Business Intelligence Lite Arbitrary File Upload (1.0.6)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.3)