| عنوان | Script and Tools e-Commerce 3.0 3.0 Cross-Site Request Forgery (CSRF) |
|---|
| الوصف | Title of the Vulnerability:
Script and Tools | eCommerce 3.0 | admin/customer-delete.php - Cross-Site Request Forgery (CSRF)
Vulnerability Class: Cross-Site Request Forgery (CSRF)
Product Name: eCommerce 3.0
Vendor: https://github.com/scriptandtools/
Vulnerable Product Link: https://github.com/scriptandtools/eCommerce-website-in-PHP
Technical Details & Description:
The application source code is coded in a way which allows : Cross-Site Request Forgery (CSRF)
Product & Service Introduction:
eCommerce-3.0
Observation & Exploitation:
Here,The Vulnerable File Is:
admin/customer-delete.php
Who will be affected of this attack?
->The Admin and All Users! Because Hackers will be able to delete the user acccounts even they are verified and active customers who ordered items and having running order users and this will lead to a Market Crash. |
|---|
| المصدر | ⚠️ https://www.websecurityinsights.my.id/2025/04/script-and-tools-ecommerce-30_3.html |
|---|
| المستخدم | MaloyRoyOrko (UID 79572) |
|---|
| ارسال | 04/04/2025 07:42 AM (1 سنة منذ) |
|---|
| الاعتدال | 14/04/2025 12:30 AM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 304598 [ScriptAndTools eCommerce-website-in-PHP 3.0 تزوير طلبات عبر المواقع] |
|---|
| النقاط | 20 |
|---|