PT-2019-15910 · Nopcommerce · Nopcommerce
Klezvirus · Published 2019-12-09 · Updated 2019-12-17 · CVE-2019-19685
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
nopCommerce version 4.2.0
Description
The issue allows for Cross-Site Request Forgery (CSRF) attacks because GET requests can be used to perform actions such as renames and deletions.
Recommendations
For nopCommerce version 4.2.0, consider implementing proper CSRF protection mechanisms to prevent unauthorized actions. As a temporary workaround, restrict access to sensitive operations that can be performed via GET requests until a proper fix is applied.
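As an added illustration (not nopCommerce's own code), assuming an ASP.NET Core MVC controller such as the framework nopCommerce is built on: the weak pattern of a state-changing action reachable by plain GET, beside the hardened form that accepts the change only over POST with a validated anti-forgery token. `IFolderService` and the `Delete` action are hypothetical names.

```csharp
using Microsoft.AspNetCore.Mvc;

public interface IFolderService { void Delete(int id); } // hypothetical service

// Weak pattern: a deletion reachable by a simple GET request. Any page the
// victim visits can trigger it with a link or image, and the browser attaches
// the victim's session cookie automatically, so no per-request secret is checked.
public class WeakFolderController : Controller
{
    private readonly IFolderService _folders;
    public WeakFolderController(IFolderService folders) => _folders = folders;

    // GET /WeakFolder/Delete?id=42 performs the deletion outright.
    public IActionResult Delete(int id)
    {
        _folders.Delete(id);
        return RedirectToAction("Index");
    }
}

// Hardened pattern: GET only renders a confirmation form; the state change
// happens on POST and only when the request carries an anti-forgery token
// bound to the user's session.
public class FolderController : Controller
{
    private readonly IFolderService _folders;
    public FolderController(IFolderService folders) => _folders = folders;

    [HttpGet]
    public IActionResult Delete(int id) => View(id); // confirmation page only

    [HttpPost, ActionName("Delete")]
    [ValidateAntiForgeryToken] // rejects POSTs without a valid token (HTTP 400)
    public IActionResult DeleteConfirmed(int id)
    {
        _folders.Delete(id);
        return RedirectToAction("Index");
    }
}

// Razor view for the confirmation page; the form tag helper emits the hidden
// __RequestVerificationToken field that [ValidateAntiForgeryToken] checks:
// <form asp-action="Delete" method="post">
//     <input type="hidden" name="id" value="@Model" />
//     <button type="submit">Delete</button>
// </form>
```

A cross-origin page cannot read the token, so a forged POST fails validation; restricting the action to POST also closes the GET path the advisory describes.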
Affected Products: Nopcommerce