Kartatopia Piluscart vulnerabilities
3 known vulnerabilities affecting kartatopia/piluscart.

Total CVEs: 3
CISA KEV: 0
Public exploits (PoC available): 2
Exploited in the wild: 0

Severity breakdown
HIGH: 3

Vulnerabilities
CVE-2019-16123 | Priority P2 | HIGH | CVSS 7.5 | PoC available | Affects ≤ 1.4.1 | Published 2019-09-09
CVE-2019-16123 [HIGH] CWE-22 (path traversal)
In Kartatopia PilusCart 1.4.1, the filename parameter of catalog.php is not validated, so a ../ sequence in it traverses out of the intended directory and discloses local files on the server.
Source: NVD
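The check a file-serving handler needs in order to close a CWE-22 hole of this kind, shown as an added example rather than PilusCart's own (PHP) code. The directory name catalog_files and the requested file names are constructed for the demo; the point is that a substring blocklist for "../" is not a containment check, while resolving the path and comparing it against the real base directory is.

```python
import os


def naive_blocklist_ok(user_filename: str) -> bool:
    """The kind of check that looks sufficient but is not: it only rejects a
    literal '../' substring, so an absolute path (or a backslash traversal
    on Windows) passes straight through."""
    return "../" not in user_filename


def resolve_within(base_dir: str, user_filename: str):
    """Resolve user_filename against base_dir and refuse anything that ends
    up outside base_dir after normalisation and symlink resolution.
    Returns the absolute path to serve, or None if the request must be
    rejected."""
    base = os.path.realpath(base_dir)
    # os.path.join discards base when user_filename is absolute, which is
    # exactly why the containment test below is done on the resolved result.
    candidate = os.path.realpath(os.path.join(base, user_filename))
    try:
        # commonpath() rather than startswith(): a sibling directory whose
        # name merely begins with the base name (catalog_files2) must fail.
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows
        inside = False
    return candidate if inside else None


if __name__ == "__main__":
    base = "catalog_files"  # hypothetical document root, constructed for the demo
    for name in ["item.html", "sub/../item.html", "../../../etc/passwd", "/etc/passwd"]:
        print(f"{name!r:24} naive_ok={naive_blocklist_ok(name)!s:5} "
              f"resolved={resolve_within(base, name)}")
```

Decoding matters as well: run the check on the value after the web framework has URL-decoded it, and never on a still-encoded form such as %2e%2e%2f, or the blocklist and the containment check disagree about what they are looking at.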
CVE-2019-9769 | Priority P3 | HIGH | CVSS 8.8 | PoC available | Affects v1.4.1 | Published 2019-03-14
CVE-2019-9769 [HIGH] CWE-352 (cross-site request forgery)
PilusCart 1.4.1 does not protect index.php?module=users&action=newUser against CSRF: a forged request submitted from a page an authenticated administrator visits creates a new user with administrator privileges.
Source: NVD
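What the missing protection looks like, as an added example that is not PilusCart's code: a user-creation handler with no anti-CSRF measure beside the same handler with a per-session synchronizer token (compared in constant time) and an Origin check as defence in depth. The session and form dictionaries, the role names and the site URLs are constructed stand-ins for the framework objects a real application would pass in.

```python
import hmac
import secrets
from typing import Optional


def issue_csrf_token(session: dict) -> str:
    """Store a fresh random token in the server-side session and embed it in
    the form. A cross-site page can make the victim's browser POST the form,
    but it never sees the token, so it cannot include it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_valid(session: dict, submitted) -> bool:
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    # compare_digest avoids leaking the token through timing differences
    return hmac.compare_digest(expected, submitted)


def new_user_vulnerable(session: dict, form: dict, users: dict) -> bool:
    """Creates the account whenever the ambient session is an admin session:
    any site the admin visits can submit this POST on their behalf."""
    if session.get("role") != "admin":
        return False
    users[form["username"]] = {"role": form.get("role", "user")}
    return True


def new_user_hardened(session: dict, form: dict, users: dict,
                      origin: Optional[str], site: str) -> bool:
    """Same handler with the two checks a forged request cannot satisfy."""
    if session.get("role") != "admin":
        return False
    # Browsers attach Origin to cross-site POSTs; if it is present and does
    # not name our own site, the request did not come from our form.
    if origin is not None and origin != site:
        return False
    if not csrf_token_valid(session, form.get("csrf_token")):
        return False
    users[form["username"]] = {"role": form.get("role", "user")}
    return True


if __name__ == "__main__":
    admin_session = {"role": "admin"}
    forged = {"username": "mallory", "role": "admin"}  # no token, hostile origin
    print("vulnerable:", new_user_vulnerable(admin_session, forged, {}))
    print("hardened  :", new_user_hardened(admin_session, forged, {},
                                           "https://attacker.example", "https://shop.example"))
    legit = dict(forged, username="bob", csrf_token=issue_csrf_token(admin_session))
    print("legit     :", new_user_hardened(admin_session, legit, {},
                                           "https://shop.example", "https://shop.example"))
```

Marking the session cookie SameSite=Lax or Strict blocks the same forged POST at the browser, but it is a complement to the token, not a replacement: the token is what protects clients that ignore the attribute.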
CVE-2019-25672 | Priority P3 | HIGH | CVSS 8.2 | No public PoC listed | Affects v1.4.1 | Published 2026-04-05
CVE-2019-25672 [HIGH] CWE-89 (SQL injection)
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL through the 'send' parameter of the comment submission endpoint. A POST request whose 'send' value carries an RLIKE-based boolean-blind payload turns the query into a true/false oracle that can be used to extract sensitive database contents one character at a time.
Source: NVD
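How a boolean-blind RLIKE oracle of this type works, and why a bound parameter closes it, as an added example that is not PilusCart's code. The schema (a comments table with a send column and a users table holding a secret) is constructed for the demo; SQLite has no RLIKE, so its REGEXP operator is wired to Python's re module to stand in for MySQL's RLIKE/REGEXP. The extraction routine is generic: it only needs a query function that returns a count.

```python
import re
import sqlite3

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def build_demo_db() -> sqlite3.Connection:
    """Constructed stand-in schema; not PilusCart's tables."""
    conn = sqlite3.connect(":memory:")
    # SQLite evaluates  X REGEXP Y  as regexp(Y, X), i.e. (pattern, value)
    conn.create_function(
        "REGEXP", 2,
        lambda pattern, value: int(value is not None and re.search(pattern, value) is not None))
    conn.executescript("""
        CREATE TABLE users (name TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 's3cret');
        CREATE TABLE comments (send TEXT, body TEXT);
        INSERT INTO comments VALUES ('alice', 'nice product');
    """)
    return conn


def count_vulnerable(conn: sqlite3.Connection, send: str) -> int:
    """String-built query: whatever arrives in 'send' is parsed as SQL."""
    sql = f"SELECT COUNT(*) FROM comments WHERE send = '{send}'"
    return conn.execute(sql).fetchone()[0]


def count_parameterized(conn: sqlite3.Connection, send: str) -> int:
    """Bound parameter: the value is data, never SQL."""
    return conn.execute("SELECT COUNT(*) FROM comments WHERE send = ?", (send,)).fetchone()[0]


def blind_extract(conn: sqlite3.Connection, query_fn, max_len: int = 16) -> str:
    """Boolean oracle: the row count rises above zero only when the REGEXP
    condition is true, so each guessed character costs one request. Returns
    whatever prefix of the admin password the oracle confirms ('' if the
    query is not injectable)."""
    known = ""
    while len(known) < max_len:
        for ch in ALPHABET:
            # closes the attacker-controlled string, ORs in the probe, and lets
            # the application's own trailing quote terminate the pattern
            payload = ("x' OR (SELECT password FROM users WHERE name = 'admin') "
                       f"REGEXP '^{re.escape(known + ch)}")
            if query_fn(conn, payload) > 0:
                known += ch
                break
        else:
            return known  # no character extends the prefix: end of the secret
    return known


if __name__ == "__main__":
    conn = build_demo_db()
    print("vulnerable query leaks  :", repr(blind_extract(conn, count_vulnerable)))
    print("parameterized query leaks:", repr(blind_extract(conn, count_parameterized)))
```

The same oracle shape appears with LIKE or SUBSTR comparisons; RLIKE is just a convenient way to test a whole prefix in one condition. Detection on the server side keys on the same thing the oracle relies on: many near-identical POSTs to one endpoint whose only variation is one character in a regex anchored with ^.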