CSRF Vulnerability in PilusCart 1.4.1 Allows Unauthorized Addition of Administrator User

CSRF Vulnerability in PilusCart 1.4.1 Allows Unauthorized Addition of Administrator User

CVE-2019-9769 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

Learn more about our User Device Pen Test.