Guest
Posted January 29, 2009

DESCRIPTION:
A vulnerability has been discovered in osCommerce, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create additional administrator accounts by tricking an administrative user into visiting a malicious web site.

The vulnerability is confirmed in version 2.2 Release Candidate 2a. Other versions may also be affected.

SOLUTION:
Do not visit untrusted sites while being logged in to the application.

PROVIDED AND/OR DISCOVERED BY:
Russ McRee, HolisticInfoSec

See http://secunia.com/advisories/33446/
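The missing validity check the advisory describes, sketched as an added example (not part of the original post and not osCommerce's own code): a per-session token that every state-changing request must carry. The function names, the `csrf_token` field and the sample requests are assumptions made for illustration.

```php
<?php
// Added illustration. csrf_token(), csrf_request_is_valid() and the
// 'csrf_token' field name are hypothetical, not osCommerce identifiers.

// Return the per-session secret token, creating it on first use.
// Embed the returned value as a hidden field in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST that carries the
// session's token. A cross-site page can make the browser send the session
// cookie, but it cannot read the token, so its request fails this check.
function csrf_request_is_valid(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false; // state changes are never accepted over GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token issued yet, or a malformed field
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed sample data. A real handler would pass $_SESSION,
// $_SERVER['REQUEST_METHOD'] and $_POST instead.
$session = [];
$token = csrf_token($session);

$fromAdminForm = ['action' => 'create_admin', 'csrf_token' => $token];
$fromOtherSite = ['action' => 'create_admin']; // cookie is sent, token is absent

var_dump(csrf_request_is_valid($session, 'POST', $fromAdminForm));
var_dump(csrf_request_is_valid($session, 'POST', $fromOtherSite));
var_dump(csrf_request_is_valid($session, 'GET', $fromAdminForm));
```

The handler for an action such as account creation would call `csrf_request_is_valid()` first and refuse the request when it returns false.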