Also this issue, ooof https://github.com/opencart/opencart/issues/12939
Wow, his response. Someone needs to fork this project because this guy isn’t living in the real world.
Nah, I’m with this dev on this one.
To make this work, you need the session cookie of an admin, or be able to set the cookie on an admin’s computer. This “attack” works against almost any website, including Lemmy. In fact, the requirement for the URL token makes OpenCart more secure than 90% of websites out there.
He sure didn’t respond professionally, but if this is the kind of “security vulnerabilities” he has to deal with every day, I totally understand.
There are bigger OpenCart issues that do warrant a better response, of course.