Cross-Site Request Forgery (CSRF) in i-love-flamingo/flamingo-commerce

Valid

Reported on

Oct 8th 2021

Description

CSRF in cart related endpoints. This include:

  • Adding items to cart
  • Clean cart
  • Delete item from cart
  • Update cart

This happens because the system use GET request for these actions and thus allows CSRF attacks.

Proof of Concept

  1. Access this link in a browser https://demoshop.flamingo.me/en/cart/add/awesome-retailer_1089254?qty=100&deliveryCode=pickup_store ​See that your cart is added 100 products.
  2. Access this link: https://demoshop.flamingo.me/en/cart/clean, see that your cart is emptied.
We created a GitHub Issue asking the maintainers to create a SECURITY.md a year ago
We have contacted a member of the i-love-flamingo/flamingo-commerce team and are waiting to hear back a year ago
i-love-flamingo/flamingo-commerce maintainer
a year ago

Maintainer

Please see https://github.com/i-love-flamingo/flamingo-commerce/pull/343

i-love-flamingo/flamingo-commerce maintainer validated this vulnerability a year ago
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
i-love-flamingo/flamingo-commerce maintainer marked this as fixed with commit afe9d2 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation