CVE-2010-1542 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198 1.197 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings.

Reference

http://holisticinfosec.org/content/view/135/45/ http://osvdb.org/62673 http://secunia.com/advisories/38635