PT-2020-17041 · Opencart · Opencart Cms

Published: 2020-12-11 · Updated: 2022-05-24 · CVE-2020-28838

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Opencart CMS version 3.0.3.6

Description

The issue allows an attacker to perform a Cross Site Request Forgery (CSRF) attack in the CART option, enabling them to add cart items via the 'Add to cart' function.

Recommendations

For Opencart CMS version 3.0.3.6, consider implementing proper CSRF token validation to prevent unauthorized requests, and restrict access to the 'Add to cart' function until a fix is available.
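
The CSRF token validation recommended above, as an added example that is not OpenCart code and not part of the original advisory: a session-bound token is checked in constant time before a cart-changing POST is accepted. The function names, the request field names and the array standing in for $_SESSION are assumptions made for illustration.

```php
<?php
// Added illustration; not OpenCart code. All function names are hypothetical.

// Issue one random token per session and reuse it for every form/AJAX call.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison; a missing or non-string token is rejected.
function csrf_is_valid(array $session, $submitted): bool {
    return is_string($submitted)
        && !empty($session['csrf_token'])
        && hash_equals($session['csrf_token'], $submitted);
}

// Hypothetical add-to-cart handler: state changes only on POST with a valid token.
function handle_cart_add(string $method, array $post, array &$session): array {
    if ($method !== 'POST') {
        return ['status' => 405, 'error' => 'POST required'];
    }
    if (!csrf_is_valid($session, $post['csrf_token'] ?? null)) {
        return ['status' => 403, 'error' => 'invalid CSRF token'];
    }
    $id  = (int)($post['product_id'] ?? 0);
    $qty = max(1, (int)($post['quantity'] ?? 1));
    if ($id <= 0) {
        return ['status' => 400, 'error' => 'bad product_id'];
    }
    $session['cart'][$id] = ($session['cart'][$id] ?? 0) + $qty;
    return ['status' => 200, 'cart' => $session['cart']];
}

// Constructed sample requests (the array stands in for $_SESSION).
$session = [];
$token   = csrf_token($session);   // embedded in the shop's own pages

// Cross-site request: the browser sends the session, but the token is absent.
$forged = handle_cart_add('POST', ['product_id' => '40', 'quantity' => '1'], $session);
// Request from the shop's own form, carrying the token.
$legit  = handle_cart_add('POST',
    ['product_id' => '40', 'quantity' => '2', 'csrf_token' => $token], $session);

printf("forged: %d, legit: %d, cart: %s\n",
    $forged['status'], $legit['status'], json_encode($session['cart'] ?? []));
```

In a deployment the token would live in the server-side session and be emitted into each page that renders an 'Add to cart' control; setting the session cookie with SameSite=Lax or Strict complements the token check.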

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-28838
GHSA-3J6M-M5V5-9785

Affected Products

Opencart Cms