SSD Advisory – OpenCart Account Takeover

Vulnerability Summary
The following advisory describes an account takeover vulnerability found in OpenCart (version
OpenCart is an open-source e-commerce platform written in PHP.
“Opencart is an easy-to-use, powerful, Open Source online store management program that can manage multiple online stores from a single back-end.”
An independent security researcher “Ayrx” has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor Responses
The vendor had this response to our report:
“… another clown acting like james bond with a nonsense Vulnerability”
“james already told me it was bullshit so go ahead!”