Description

/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.

Remediation

References

CVE-2018-13067

Related Vulnerabilities

WordPress Plugin Ooorl Cross-Site Scripting (1.0.0)

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-38522)

WordPress Plugin Encrypted Blog Multiple Vulnerabilities (0.0.6.2)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16277)

WordPress Plugin WooCommerce Stock Manager Cross-Site Request Forgery (2.5.7)

Severity

High

Classification

CVE-2018-13067 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities