cybrops-io/CVEs

cybrops-io/CVEs

Releases0

Stars1

Public Disclosures by CybrOps Team

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-26691 ↗	Sep 25, 2024Wednesday, 25 September 2024, 01:15	7.2 HIGH	—
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.
CVE-2023-26686 ↗	Sep 25, 2024Wednesday, 25 September 2024, 01:15	9.8 CRITICAL	—
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
CVE-2023-26687 ↗	Sep 25, 2024Wednesday, 25 September 2024, 01:15	8.8 HIGH	—
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.
CVE-2023-26688 ↗	Sep 25, 2024Wednesday, 25 September 2024, 01:15	5.4 MEDIUM	—
Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.
CVE-2023-26689 ↗	Sep 25, 2024Wednesday, 25 September 2024, 01:15	9.8 CRITICAL	—
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.
CVE-2023-26690 ↗	Sep 25, 2024Wednesday, 25 September 2024, 01:15	8.8 HIGH	—
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.