CVE-2015-2701

Name of the Vulnerable Software and Affected Versions CS-Cart version 4.2.4

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that change a user's password via a request to "profiles-update/".

Recommendations For version 4.2.4, consider disabling the password change functionality until a patch is available to prevent exploitation of this issue. Restrict access to the "profiles-update/" endpoint to minimize the risk of CSRF attacks.