osCommerce Cross-Site Request Forgery Vulnerability


Guest

DESCRIPTION:

A vulnerability has been discovered in osCommerce, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create additional administrator accounts by tricking an administrative user into visiting a malicious web site.

The vulnerability is confirmed in version 2.2 Release Candidate 2a. Other versions may also be affected.

SOLUTION:

Do not visit untrusted sites while being logged in to the application.

PROVIDED AND/OR DISCOVERED BY:

Russ McRee, HolisticInfoSec

See http://secunia.com/advisories/33446/

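The missing validity check described in the advisory above is commonly closed with a per-session token that every state-changing request must carry. The following PHP is an added example, not part of the original post and not osCommerce's own code; the function names, the `csrf_token` field and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example, not osCommerce code. All function names are hypothetical.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only when the request carries the token stored in the session.
function csrf_valid(array $session, array $post): bool {
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time; reject non-string input first.
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Hypothetical state-changing admin action: refuses unverified requests.
function handle_admin_request(array &$session, string $method, array $post): string {
    if ($method !== 'POST') {
        return '405 state changes require POST';
    }
    if (!csrf_valid($session, $post)) {
        return '403 missing or invalid CSRF token';
    }
    // ... perform the action (e.g. insert the administrator record) here ...
    return '200 administrator created: ' . ($post['username'] ?? '');
}

// Constructed demonstration data; run from the CLI with: php example.php
$session = [];                  // stands in for $_SESSION
$token = csrf_token($session);  // rendered into the admin form as a hidden field

// Request submitted from the genuine admin form: carries the session's token.
echo handle_admin_request($session, 'POST',
    ['username' => 'alice', 'csrf_token' => $token]), "\n";

// Cross-site request: the browser attaches the session cookie, but another
// site cannot read the token, so the field is absent or does not match.
echo handle_admin_request($session, 'POST', ['username' => 'mallory']), "\n";
echo handle_admin_request($session, 'POST',
    ['username' => 'mallory', 'csrf_token' => str_repeat('0', 64)]), "\n";
```

The token only helps if every form that changes state includes it and every handler checks it before acting; a single unchecked action leaves that action forgeable.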

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...