3 matches found
CVE-2019-16123
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...
CVE-2019-16123
PilusCart <=1.4.1 is affected by a Local File Inclusion in catalog.php due to mis-handling of the filename parameter, allowing disclosure of sensitive files via path traversal (../). The issue is documented in multiple sources (NVD entry CVE-2019-16123; Nuclei template: PilusCart =1.4.2 or app...
CVE-2019-16123
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...