Aitor Herrero Fuentes

#15967de 53,635
16.9CVSS total
Vulnerabilidades · 2
Alta
2
PT-2023-28718
8.1
2023-10-12
Spa-Cart · Spa-Cart · CVE-2023-43148
**Name of the Vulnerable Software and Affected Versions** SPA-Cart version 1.9.0.3 **Description** The issue allows a remote attacker to delete all accounts due to a Cross Site Request Forgery (CSRF) vulnerability. **Recommendations** For SPA-Cart version 1.9.0.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-28719
8.8
2023-10-12
Spa-Cart · Spa-Cart · CVE-2023-43149
**Name of the Vulnerable Software and Affected Versions** SPA-Cart version 1.9.0.3 **Description** The issue allows a remote attacker to add an admin user with role status due to Cross Site Request Forgery (CSRF). **Recommendations** For SPA-Cart version 1.9.0.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.