Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.
Уязвимые конфигурации
Конфигурация 1Версия до 1.198 (включая)
Одно из
cpe:2.3:a:dragonfrugal:dfd_cart:*:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.192:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.193:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.194:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.195:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.196:*:*:*:*:*:*:*
cpe:2.3:a:dragonfrugal:dfd_cart:1.197:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00126
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.
EPSS
Процентиль: 32%
0.00126
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352