VamCart v0.9 CSRF Vulnerability

vendor:

VamCart

by:

DaOne

5.5

CVSS

MEDIUM

CSRF

352

CWE

Product Name: VamCart

Affected Version From: v0.9

Affected Version To: v0.9

Patch Exists: NO

Related CWE:

CPE: a:vamcart_project:vamcart:0.9

Metasploit:

Other Scripts:

Platforms Tested:

2012

VamCart v0.9 CSRF Vulnerability

This exploit allows an attacker to add an admin user to the VamCart v0.9 software by submitting a form with hidden fields containing the necessary user information.

Mitigation:

To mitigate this vulnerability, it is recommended to implement CSRF protection mechanisms such as random tokens or re-authentication for sensitive actions.

Source

VamCart v0.9 CSRF Vulnerability

Mitigation:

Exploit-DB raw data: