24 matches found
CVE-2023-26689
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...
CVE-2023-26690
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...
CVE-2023-26687
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...
CVE-2023-26688
Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
CVE-2023-26688
Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...
CVE-2023-26689
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...
CVE-2023-26689
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...
CVE-2023-26691
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on...
CVE-2023-26687
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...
CVE-2023-26688
CVE-2023-26688 pertains to CS-Cart MultiVendor 4.16.1, where a Cross Site Scripting (XSS) flaw exists in the administration interface. The vulnerability is triggered via the product_data parameter in the add/edit product workflow, potentially allowing remote attackers to execute arbitrary code. T...
CVE-2023-26690
CVE-2023-26690 affects CS-Cart MultiVendor 4.16.1. A File Upload vulnerability in the File Manager/Editor component accessible from vendor or admin menus allows remote code execution by unauthenticated/low-privileged vectors per the reported description. Multiple sources (NVD, Red Hat, CNNVD, CVE...
CVE-2023-26691
CVE-2023-26691 affects CS-Cart MultiVendor 4.16.1. A Directory Traversal vulnerability in the add-on installation ZIP processing may allow remote code execution when installing a new add-on. Affected software: CS-Cart MultiVendor 4.16.1. Impact stated: remote arbitrary code execution via crafted ...
CVE-2023-26690
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...
CVE-2023-26686
CVE-2023-26686 : CS-Cart MultiVendor 4.16.1 has a file-upload vulnerability in the image upload feature used during shop customization, enabling remote attackers to execute arbitrary code. The root cause is not explicitly detailed beyond noting a file upload flaw; no exploitation specifics or mit...
CVE-2023-26687
CVE-2023-26687 concerns CS-Cart MultiVendor 4.16.1, where a Directory Traversal flaw in the PDF Add-on allows remote attackers to obtain sensitive information via the product_data parameter. The vulnerability affects the PDF Add-on handling of that parameter, enabling access to files/directories ...