oss-sec mailing list archives

CVE request: CSRF in xt:commerce 3.04 SP2.1


From: dishix <dishix () googlemail com>
Date: Sat, 03 Dec 2011 09:38:30 +0100

Hi,

Can I get a CVE identifier for this:

xt:commerce 3.04 SP2.1 is prone to CSRF. An attacker can exploit this
vulnerability to escalate his/her privileges to gain administrator access.

http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html
http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html


Best regards,
dishix
