SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote malicious user to delete all accounts.
spa-cart spa-cart 1.9.0.3