Aitor Herrero Fuentes

#15938of 53,633
16.9Total CVSS
Vulnerabilities · 2
High
2
PT-2023-28718
8.1
2023-10-12
Spa-Cart · Spa-Cart · CVE-2023-43148
**Name of the Vulnerable Software and Affected Versions** SPA-Cart version 1.9.0.3 **Description** The issue allows a remote attacker to delete all accounts due to a Cross Site Request Forgery (CSRF) vulnerability. **Recommendations** For SPA-Cart version 1.9.0.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-28719
8.8
2023-10-12
Spa-Cart · Spa-Cart · CVE-2023-43149
**Name of the Vulnerable Software and Affected Versions** SPA-Cart version 1.9.0.3 **Description** The issue allows a remote attacker to add an admin user with role status due to Cross Site Request Forgery (CSRF). **Recommendations** For SPA-Cart version 1.9.0.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.