CVE-2020-28838

LOW

Opencart - CSRF

Title source: rule

Description

Cross-Site Request Forgery (CSRF) in the CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows an attacker to add cart items via Add to cart.

Exploits (1)

exploitdb WORKING POC
by Mahendra Purbia · text · webapps · php
https://www.exploit-db.com/exploits/49228

Scores

CVSS v3 3.5
EPSS 0.0010
EPSS Percentile 26.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (2)
opencart/opencart 3.0.3.6
opencart/opencart Packagist
Published Dec 11, 2020
Tracked Since Feb 18, 2026