CVE-2009-4555

Name of the Vulnerable Software and Affected Versions AgoraCart versions 5.2.005 through 5.2.006 AgoraCart GOLD version 5.5.005

Description The issue allows remote attackers to hijack the authentication of administrators for requests that modify a .htaccess file via an unspecified request to "protected/manager.cgi" or change the password of an administrative account. This is due to multiple cross-site request forgery (CSRF) vulnerabilities.

Recommendations For AgoraCart versions 5.2.005 through 5.2.006, consider restricting access to the "protected/manager.cgi" endpoint until a fix is available. For AgoraCart GOLD version 5.5.005, avoid using the administrative account password change feature until the issue is resolved. As a temporary workaround, consider implementing additional authentication measures to prevent unauthorized requests to sensitive endpoints.