Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Konakart | Konakart | < 7.3.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-CrosThird Party AdvisoryVDB Entry
- http://www.christian-schneider.net/advisories/CVE-2014-5516.txtThird Party Advisory
- http://www.konakart.com/downloads/ver-7-3-0-0-whats-newRelease NotesVendor Advisory
- http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-CrosThird Party AdvisoryVDB Entry
- http://www.christian-schneider.net/advisories/CVE-2014-5516.txtThird Party Advisory
- http://www.konakart.com/downloads/ver-7-3-0-0-whats-newRelease NotesVendor Advisory
FAQ
What is CVE-2014-5516?
CVE-2014-5516 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requ...
How severe is CVE-2014-5516?
CVE-2014-5516 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5516?
Check the references section above for vendor advisories and patch information. Affected products include: Konakart Konakart.