The 2010 Pwnie Nominee For Lamest Vendor Response

OpenCart CSRF vulnerability

Vendor: OpenCart

Congrats to Daniel Kerr for the EPIC mishandling of a CSRF vulnerability submitted by one of the users.

On 2010-01-22, at 7:31 PM, Daniel Kerr wrote: This sort of thing is down to the client. The software on a clients computer is nothing to do with opencart! There is no way that I’m responsible for a client being stupid enough to click links in emails.

Read more