PilusCart <=1.4.1 - Local File Inclusion

PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion. id: CVE-2019-16123 info: name: PilusCart =1.4.2 or apply the vendor-supplied patch to mitigate the LFI vulnerability. reference: -...

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

Arbitrary file deletion

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

CVE-2019-16123

PilusCart &lt;=1.4.1 is affected by a Local File Inclusion in catalog.php due to mis-handling of the filename parameter, allowing disclosure of sensitive files via path traversal (../). The issue is documented in multiple sources (NVD entry CVE-2019-16123; Nuclei template: PilusCart =1.4.2 or app...

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

PT-2019-14525 · Kartatopia · Kartatopia Piluscart

Name of the Vulnerable Software and Affected Versions: Kartatopia PilusCart version 1.4.1 Description: The issue arises from the mishandling of the filename parameter in the "catalog.php" file, resulting in a Local File Disclosure vulnerability. This allows for the disclosure of sensitive files o...