CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Kartatopia: >> Piluscart >> 1.4.1 Security Vulnerabilities

CVE-2019-25672

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information.

CVSS Score

8.2

EPSS Score

0.001

Published

2026-04-05

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.

CVSS Score

7.5

EPSS Score

0.477

Published

2019-09-09

CVE-2019-9769

PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

CVSS Score

8.8

EPSS Score

0.003

Published

2019-03-14

Page 1

Vulnerabilities

Vulnerable Software

Kartatopia: >> Piluscart >> 1.4.1 Security Vulnerabilities

Products

Pricing

Contact Us