Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php.
Remediation
References