Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

ZenCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4403)

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php.

Remediation

References

Related Vulnerabilities

Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2022-42128)

WordPress Plugin WooCommerce Cross-Site Scripting (3.5.0)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1024)

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14720)

Severity

Medium

Classification

CVE-2011-4403 CWE-352

Tags

Missing Update Known Vulnerabilities