PT-2019-15910 · Nopcommerce · Nopcommerce
Klezvirus · Published 2019-12-09 · Updated 2019-12-17 · CVE-2019-19685
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
nopCommerce version 4.2.0
Description
The issue allows for Cross-Site Request Forgery (CSRF) attacks because GET requests can be used to perform actions such as renames and deletions.
Recommendations
For nopCommerce version 4.2.0, consider implementing proper CSRF protection mechanisms to prevent unauthorized actions. As a temporary workaround, restrict access to sensitive operations that can be performed via GET requests until a proper fix is applied.
Exploit
Fix
CSRF
Weakness Enumeration
Related identifiers
Affected products
Nopcommerce