CVE-2010-1611

Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.

Published: Apr 29, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-1611
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
alegrocart / alegrocart	1.1	1.1.x

http://forum.alegrocart.com/viewtopic.php?f=8&t=54
http://osvdb.org/62073
http://packetstormsecurity.org/1002-exploits/alegrocart-xsrf.txt
http://secunia.com/advisories/38386
https://exchange.xforce.ibmcloud.com/vulnerabilities/56037

Vulnerability Database

289,871

CVE-2010-1611