OpenCart Cross-Site Request Forgery Vulnerability Allowing Account Takeover

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in OpenCart version 3.0.36, specifically within the '/account/edit' endpoint. This vulnerability allows unauthenticated attackers to manipulate victim account details by deceiving users into visiting malicious websites. Exploitation involves crafting CSRF payloads that alter email addresses and other account information, which can then be leveraged to gain unauthorized access to the affected accounts via the password reset functionality.

Impact

Exploitation of this vulnerability can lead to unauthorized modification of user account details and account takeover.

Reproduction

To reproduce this vulnerability, an attacker must first create an account and log in. After intercepting a request to the '/account/edit' endpoint using a tool like Burp Suite, the attacker can modify the email address and save the request as an HTML file. Sending this file to the victim, who opens it, will trigger the CSRF attack by changing the account details. The attacker can then use the password reset feature to access the compromised account.
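Added here as an illustration of the server-side checks whose absence makes the '/account/edit' flow forgeable; this is example code, not OpenCart's own. The minimal Python handler rejects a cross-site POST with an Origin/Referer check and a per-session CSRF token, and requires the current password before changing the email address, which breaks the password-reset step of the takeover chain. SITE_ORIGIN, the Session and Request classes and all sample values are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

SITE_ORIGIN = "https://shop.example"  # assumed deployment origin (placeholder, not from the advisory)

def _pw_hash(pw: str) -> str:
    # Demo only: a real store uses a slow, salted hash (bcrypt/argon2), not bare SHA-256.
    return hashlib.sha256(pw.encode()).hexdigest()

@dataclass
class Session:
    email: str
    password_hash: str
    # Per-session synchronizer token; the server embeds it in its own forms as a hidden field.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    method: str
    headers: dict
    form: dict

def _same_origin(req: Request) -> bool:
    # Browsers attach Origin to cross-site POSTs, so a form served from another site fails here.
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False  # neither header present: treat as untrusted rather than guessing
    p = urlparse(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN

def account_edit(session: Session, req: Request) -> tuple[int, str]:
    """Return (status, message) like a web handler; never touch the account on failure."""
    if req.method != "POST":
        return 405, "method not allowed"
    if not _same_origin(req):
        return 403, "cross-origin request rejected"
    # A forged form cannot carry the victim's token (it lives only in the server-rendered page).
    if not hmac.compare_digest(req.form.get("csrf_token", "").encode(), session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    new_email = req.form.get("email", session.email)
    # Re-authenticate for the one field that drives the password-reset chain described above.
    if new_email != session.email:
        supplied = _pw_hash(req.form.get("current_password", ""))
        if not hmac.compare_digest(supplied, session.password_hash):
            return 403, "current password required to change email"
    session.email = new_email
    return 200, "account updated"
```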

Added: May 10, 2026, 1:32 PM
Updated: May 10, 2026, 1:32 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 0.6
exploitability: 7.7
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.