CVE-2021-47953
MEDIUMOpenCart 3.0.3.7 Cross-Site Request Forgery via account/password
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2021-47953. PoCs published by Mert Daş.
AI-analyzed exploit summary This is a functional CSRF exploit for OpenCart 3.0.3.7 that demonstrates how an attacker can change a user's password by tricking them into submitting a crafted form. The exploit includes a Burp Suite-generated PoC HTML form and the raw HTTP request/response demonstrating the vulnerability.
Description
OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and 'confirm' parameters to hijack accounts.
Exploits (1)
This is a functional CSRF exploit for OpenCart 3.0.3.7 that demonstrates how an attacker can change a user's password by tricking them into submitting a crafted form. The exploit includes a Burp Suite-generated PoC HTML form and the raw HTTP request/response demonstrating the vulnerability.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N