Kartatopia: Security Vulnerabilities
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.
CVSS Score
7.5
EPSS Score
0.367
Published
2019-09-09
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-03-14