mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
757 B
757 B
CVE-2018-13067
Description
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.
POC
Reference
- https://whitehatck01.blogspot.com/2018/06/opencart-v3-0-3-0-user-changes-password.html
- https://whitehatck01.blogspot.com/2018/06/opencart-v3-0-3-0-user-changes-password.html
Github
No PoCs found on GitHub currently.