CSRF Vulnerability Allows Unauthorized Addition of Admin Account in HuCart v5.7.4

CSRF Vulnerability Allows Unauthorized Addition of Admin Account in HuCart v5.7.4

CVE-2019-6249 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.

Learn more about our Web Application Penetration Testing UK.