View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007059 | OXID eShop (all versions) | 1.05. Users | public | 2019-12-13 14:48 | 2022-08-22 12:42 |
Reporter | JCT | Assigned To | |||
Priority | urgent | Severity | crash | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 6.1.5 | ||||
Fixed in Version | 6.4.2 | ||||
Summary | 0007059: CreateUser does not check CSRF/session token | ||||
Description | At the moment it is possible to execute the register form in the frontend without a valid CSRF/session token. The token will be neither checked nor validated. | ||||
Steps To Reproduce | 1. Visit the frontend and open register as new user 2. Remove the stoken value from the register form 3. Submit the form | ||||
Tags | Account, Security, Session, Validation | ||||
Theme | All | ||||
Browser | All | ||||
PHP Version | All | ||||
Database Version | All | ||||
|
possible security issue > view status to private |
|
@JCT: please keep in mind that security issues should be sent to [email protected]. I have informed them. -MF |
|
Set the view status to public. -MK |
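
The missing check described in this report, shown as an added example (not OXID eShop code and not part of the original ticket): a registration handler that ignores the token next to one that rejects a request whose `stoken` is absent or wrong. All function names are hypothetical; only the field name `stoken` comes from the report, and the requests are constructed.

```php
<?php
// Added example, not OXID eShop code. Function names are hypothetical;
// only the form field name "stoken" comes from the issue report. Needs PHP 7.4+.

function issueToken(array &$session): string
{
    // One random token per session, embedded in the form as a hidden "stoken" field.
    $session['stoken'] ??= bin2hex(random_bytes(16));
    return $session['stoken'];
}

function tokenIsValid(array $session, array $post): bool
{
    $expected = $session['stoken'] ?? '';
    $given    = $post['stoken'] ?? '';
    // Missing or non-string values fail closed; hash_equals compares in constant time.
    return is_string($given) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $given);
}

function createUserUnchecked(array $session, array $post): string
{
    // Behaviour described in the report: the token is never looked at.
    return 'created ' . $post['email'];
}

function createUserChecked(array $session, array $post): string
{
    if (!tokenIsValid($session, $post)) {
        return 'rejected: invalid stoken';
    }
    return 'created ' . $post['email'];
}

// Constructed requests: one carrying the token, one with the field removed
// (step 2 of "Steps To Reproduce").
$session = [];
$token   = issueToken($session);
$withToken    = ['email' => 'a@example.test', 'stoken' => $token];
$withoutToken = ['email' => 'a@example.test'];

foreach (['with token' => $withToken, 'stoken removed' => $withoutToken] as $label => $post) {
    printf("%-15s unchecked: %-25s checked: %s\n", $label,
        createUserUnchecked($session, $post), createUserChecked($session, $post));
}
```

A regression test for this class of bug submits the form once with the field removed and once with a wrong value, and expects both to be rejected.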