Vulnerability Details CVE-2018-12256
admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2018-12256
-
cpe:2.3:a:litecart:litecart:-
-
cpe:2.3:a:litecart:litecart:1.3.5
-
cpe:2.3:a:litecart:litecart:1.3.6
-
cpe:2.3:a:litecart:litecart:1.3.7
-
cpe:2.3:a:litecart:litecart:2.0
-
cpe:2.3:a:litecart:litecart:2.0.1
-
cpe:2.3:a:litecart:litecart:2.0.2
-
cpe:2.3:a:litecart:litecart:2.1
-
cpe:2.3:a:litecart:litecart:2.1.1
-
cpe:2.3:a:litecart:litecart:2.1.2