Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zen-Cart | Zen Cart | 1.3.9h |
Related Weaknesses (CWE)
References
- http://osvdb.org/79137
- http://seclists.org/fulldisclosure/2012/Feb/171Exploit
- http://osvdb.org/79137
- http://seclists.org/fulldisclosure/2012/Feb/171Exploit
FAQ
What is CVE-2011-4403?
CVE-2011-4403 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_...
How severe is CVE-2011-4403?
CVE-2011-4403 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4403?
Check the references section above for vendor advisories and patch information. Affected products include: Zen-Cart Zen Cart.