CVE-2010-1610

Name of the Vulnerable Software and Affected Versions OpenCart version 1.4

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of an application administrator. This can be done for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert".

Recommendations For OpenCart version 1.4, as a temporary workaround, consider restricting access to the "user/user/insert" route to minimize the risk of exploitation. Avoid using the route parameter in the affected POST request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.