# Exploit Title: ZeusCart 4.0 Deactivate Customer Accounts CSRF # Date: 12/20/2018 # Exploit Author: mqt # Vendor Homepage: http://http://www.zeuscart.com/ # Version: Zeus Cart 4.0 CSRF 1. Vulnerability Description Due to the form not being validated, ZeusCart4.0 suffers from a Cross Site Request Forgery vulnerability, which means an attacker can perform actions on behalf of a victim, by having the victim visit an attacker controlled site. In this case, the attacker is able to "deactivate" any customer accounts, which means that the account is banned and cannot login. Proof of Concept: