CVEDB API

Vulnerabilities

Vulnerable Software

Cs-Cart: >> Cs-Cart Multivendor >> 4.16.1 Security Vulnerabilities

CVE-2023-26691

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.

CVSS Score

7.2

EPSS Score

0.011

Published

2024-09-25

CVE-2023-26686

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.

CVSS Score

9.8

EPSS Score

0.009

Published

2024-09-25

CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.

CVSS Score

8.8

EPSS Score

0.011

Published

2024-09-25

CVE-2023-26688

Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.

CVSS Score

5.4

EPSS Score

0.0

Published

2024-09-25

CVE-2023-26689

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.

CVSS Score

9.8

EPSS Score

0.001

Published

2024-09-25

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.

CVSS Score

8.8

EPSS Score

0.004

Published

2024-09-25

Page 1

Vulnerabilities

Vulnerable Software

Cs-Cart: >> Cs-Cart Multivendor >> 4.16.1 Security Vulnerabilities

Products

Pricing

Contact Us