CVE-2008-6758

Viart Shop - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/7628

View Code ZIP pw:eip

References (6)

[Exploit] http://osvdb.org/53283

[Vendor Advisory] http://secunia.com/advisories/33340

[Exploit] http://www.securityfocus.com/bid/33043

[Exploit] http://www.securitytracker.com/id?1021497

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/499625/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/51029

Scores

EPSS 0.0016

EPSS Percentile 36.9%

Details

CWE

CWE-352

Status published

Products (1)

viart/viart_shop 3.5

Published Apr 28, 2009

Tracked Since Feb 18, 2026