CS-Cart Cross-Site Request Forgery Vulnerability in CS-Cart by Simbirsk Technologies
CVE-2015-2701

Currently unrated

Key Information:

Vendor: Cs-cart
Status: Cs-cart
Vendor: CVE Published:; 25 March 2015

What is CVE-2015-2701?

A cross-site request forgery (CSRF) vulnerability exists in CS-Cart version 4.2.4, allowing remote attackers to exploit this weakness to hijack users' authentication. This can lead to unauthorized changes to user profiles, particularly password updates, by crafting a malicious request to the profiles-update endpoint, significantly compromising user data security. It is crucial for users of this version to review security practices and apply necessary patches to mitigate this risk.

References

http://osvdb.org/show/osvdb/119632

vdb-entryx_refsource_OSVDB

http://www.exploit-db.com/exploits/36358

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/72658

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2015
Vulnerability Reserved
Mar 25, 2015

Cs-cart

What is CVE-2015-2701?

References

Timeline