CVE-2015-2701

Cs-cart - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

Exploits (1)

exploitdb WORKING POC
by Luis Santana · htmlwebappsphp
https://www.exploit-db.com/exploits/36358

References (3)

Scores

EPSS 0.0082
EPSS Percentile 74.5%

Details

CWE
CWE-352
Status published
Products (1)
cs-cart/cs-cart 4.2.4
Published Mar 25, 2015
Tracked Since Feb 18, 2026