Cross-Site Request Forgery Vulnerability in OpenCart by OpenCart
CVE-2010-1610

Currently unrated

Key Information:

Vendor: Opencart
Status: Opencart
Vendor: CVE Published:; 29 April 2010

What is CVE-2010-1610?

A cross-site request forgery (CSRF) vulnerability exists in the index.php file of OpenCart 1.4, enabling remote attackers to exploit the application. This flaw allows attackers to hijack the authentication of an application administrator through crafted POST requests that target the administrative account creation feature. By manipulating the route parameter to 'user/user/insert', attackers can potentially create unauthorized administrative accounts, leading to unauthorized access and control over the OpenCart application.

References

http://www.securityfocus.com/archive/1/509313/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/56061

vdb-entryx_refsource_XF

http://blog.visionsource.org/2010/01/28/opencart-csrf-vul...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2010
Vulnerability Reserved
Apr 29, 2010

Opencart

What is CVE-2010-1610?

References

Timeline