CSRF in Zen-cart Zen_cart

CVE-2011-4403

Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php o…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.017 (74.4th percentile) — read the EPSS interpretation.

Affected products

Zen-cart Zen_cart — versions 1.3.9h
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cve@mitre.org (mailing-list, Exploit, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)