OpenCart Cross-Site Request Forgery (CSRF) · CVE-2020-28838 · GitHub Advisory Database · GitHub

OpenCart Cross-Site Request Forgery (CSRF)

Low severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Apr 23, 2024

Package

opencart/opencart (Composer)

Affected versions

= 3.0.3.6

Patched versions

None

Description

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.

References

Published by the National Vulnerability Database

Dec 11, 2020

Published to the GitHub Advisory Database May 24, 2022

Reviewed Apr 23, 2024

Last updated Apr 23, 2024

Severity

Low

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N