Cs-Cart: >> Cs-Cart >> 4.2.4 Security Vulnerabilities
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.
CVSS Score
7.2
EPSS Score
0.004
Published
2017-11-28
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-17
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.
CVSS Score
8.8
EPSS Score
0.024
Published
2017-04-20
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.
CVSS Score
6.8
EPSS Score
0.009
Published
2015-03-25