exploitDog

CVE-2009-4120

Опубликовано: 01 дек. 2009

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opensolution:quick.cart:3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00138

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-gpv6-q6p5-p2g2

github

почти 4 года назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors.

EPSS

Процентиль: 34%

0.00138

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352