Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0

Quesada Overview :

Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request.

unpalatably Affected Product(s) :

KonaKart Storefront Application prior to 7.3.0.0

Vulnerability Details :

CVE ID :	CVE-2014-5516
	The existing CSRF protection token was checked for every POST request properly. When modifying the request from POST method to GET method all state-changing actions worked as well, but the CSRF token protection was no longer enforced, allowing CSRF attacks.

Solution :

The vendor has released a XSRF fix as part of version 7.3.0.0 at

http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

Contact us to get started

CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows

Learn more

CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more

Learn more

CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the

Learn more