Cs-Cart Multivendor vulnerabilities
8 known vulnerabilities affecting cs-cart/cs-cart_multivendor.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 2
Vulnerabilities
CVE-2023-26686 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | v4.16.1 | 2024-09-25
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
nvd
CVE-2023-26690 | P3 | HIGH | CVSS 8.8 | CWE-434 | v4.16.1 | 2024-09-25
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the File Manager/Editor component in the vendor or admin menu.
nvd
CVE-2023-26689 | P3 | CRITICAL | CVSS 9.8 | CWE-286 | v4.16.1 | 2024-09-25
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via a crafted POST request.
nvd
CVE-2023-26687 | P3 | HIGH | CVSS 8.8 | CWE-22 | v4.16.1 | 2024-09-25
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.
nvd
CVE-2023-26691 | P3 | HIGH | CVSS 7.2 | CWE-22 | v4.16.1 | 2024-09-25
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via a crafted ZIP file when installing a new add-on.
nvd
CVE-2017-2138 | P4 | HIGH | CVSS 8.8 | CWE-352 | ≤ 4.3.10 | 2017-08-02
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
nvd
CVE-2023-26688 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v4.16.1 | 2024-09-25
Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.
nvd
CVE-2017-10886 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v4.0.1, v4.0.2, +19 more | 2017-11-17
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
nvd