CVE-2019-20178 PEEL Shopping: eCommerce shopping cart 9.2.1 — Cross-Site Request Forgery

0xPablito
1 min read · Jan 2, 2020


Cross-Site Request Forgery (CSRF) vulnerabilities found in PEEL Shopping: eCommerce shopping cart 9.2.1 allow a malicious user to perform actions such as deleting any user. The vulnerability has been assigned CVE-2019-20178.

https://www.peel-shopping.com/

👨🏼‍💻Discovered by Pablo Santiago.

📝Published 02/01/2020.

💉CVE-2019-20178

🔗PEEL Shopping Software

📄Vulnerable version ≤ 9.2.1

Solution: add anti-CSRF tokens

Attack Vector / Criticality — High

Through Cross-Site Request Forgery (CSRF) vulnerabilities, an attacker could exploit the application's trust in an authenticated user by crafting a link or form that, when opened by that user, submits a request in their name.

Parameters / Vulnerable Resources

The application does not use anti-CSRF tokens, so it is vulnerable to Cross-Site Request Forgery attacks; the vulnerability allows deleting any user.
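The fix the advisory names is a synchronizer token: the server issues a secret per session, embeds it in every legitimate form, and refuses state-changing requests that do not carry it back. The following is an added example written for this post, not PEEL Shopping's own code; the function names, the `csrf_token` field name and the `$session` array (standing in for `$_SESSION`) are assumptions, and the user list is constructed demonstration data.

```php
<?php
// Added example: minimal synchronizer-token CSRF protection around a
// "delete user" action. Generic PHP, not PEEL Shopping's code; all names
// here are assumptions for illustration.

declare(strict_types=1);

// Issue (or reuse) one unguessable token per session. $session stands in
// for $_SESSION so the script runs from the CLI without a web server.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field that every legitimate form must include.
function csrf_hidden_field(array &$session): string {
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Accept only POST, only with a token, and compare in constant time.
function csrf_is_valid(array $session, string $method, array $post): bool {
    if ($method !== 'POST') {
        return false;
    }
    if (empty($session['csrf_token']) || !isset($post['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// The sensitive action: refuse unless the token check passes.
function handle_delete_user(array $session, string $method, array $post, array &$users): string {
    if (!csrf_is_valid($session, $method, $post)) {
        return 'rejected: missing or invalid CSRF token';
    }
    $id = (int) ($post['user_id'] ?? 0);
    if (!isset($users[$id])) {
        return 'rejected: no such user';
    }
    unset($users[$id]);
    return "deleted user $id";
}

// --- Constructed demonstration data (not from the advisory) ---
$session = [];
$users = [1 => 'alice', 2 => 'bob'];

// The application's own form is rendered with the token embedded.
echo csrf_hidden_field($session), PHP_EOL;

// A request with no token, which is all a third-party form can produce
// because it cannot read the victim's session token, is rejected.
echo handle_delete_user($session, 'POST', ['user_id' => 2], $users), PHP_EOL;

// A GET-based request is rejected regardless of the token.
echo handle_delete_user($session, 'GET', ['user_id' => 2, 'csrf_token' => $session['csrf_token']], $users), PHP_EOL;

// The legitimate submission carrying the session token succeeds.
echo handle_delete_user($session, 'POST', ['user_id' => 2, 'csrf_token' => $session['csrf_token']], $users), PHP_EOL;
```

Run it with `php csrf_example.php`; the first two delete attempts are rejected and only the third removes user 2. The `hash_equals` comparison avoids leaking the token through timing, and the POST-only rule blocks the plain-link variant of the attack. In practice this token check is the primary fix; setting the session cookie's `SameSite` attribute is a commonly layered second defence, but it is not a substitute for the token.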

Proof of Concept

AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
