Abantecart: >> Abantecart Security Vulnerabilities
Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2025-08-26
A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via the id parameter.
CVSS Score
6.0
EPSS Score
0.001
Published
2024-10-31
A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter.
CVSS Score
6.0
EPSS Score
0.001
Published
2024-10-31
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).
CVSS Score
7.2
EPSS Score
0.081
Published
2022-03-10
An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-12-14
An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-14
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-05-24
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-03-21