CVE-2020-28838: Cross-Site Request Forgery (CSRF)

December 11, 2020 (updated December 15, 2020)

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS allows attacker to add cart items via Add to cart.

References

nvd.nist.gov/vuln/detail/CVE-2020-28838
www.exploit-db.com/exploits/49228

Detect and mitigate CVE-2020-28838 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →