34 matches found

Nuclei
added 2 days ago · 27 views

PilusCart <=1.4.1 - Local File Inclusion

PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion. id: CVE-2019-16123 info: name: PilusCart =1.4.2 or apply the vendor-supplied patch to mitigate the LFI vulnerability. reference: -...

7.5 CVSS · 7.2 AI score · 0.47663 EPSS
Exploits 1 · References 5
EUVD
added 2026/04/05 9:30 p.m. · 3 views

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8 CVSS · 6.1 AI score · 0.00027 EPSS
Exploits 1 · References 4
NVD
added 2026/04/05 9:16 p.m. · 2 views

CVE-2019-25672

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8 CVSS · 0.00027 EPSS
Exploits 1 · References 3
Cvelist
added 2026/04/05 8:45 p.m. · 17 views

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8 CVSS · 0.00027 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2026/04/05 8:45 p.m. · 1 views

CVE-2019-25672

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8 CVSS · 6.1 AI score · 0.00027 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2026/04/05 8:45 p.m. · 4 views

CVE-2019-25672

PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...

8.8 CVSS · 6.1 AI score · 0.00027 EPSS
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2026/04/05 8:45 p.m. · 2 views

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8 CVSS · 6.1 AI score · 0.00027 EPSS
Exploits 1 · References 3
Positive Technologies
added 2026/04/05 12:0 a.m. · 3 views

PT-2026-30481

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

8.8 CVSS · 6.1 AI score · 0.00027 EPSS
Exploits 1 · References 4
CNNVD
added 2026/04/05 12:0 a.m. · 7 views

PilusCart SQL Injection Vulnerability

PilusCart is an online store management system based on PHP and MySQL. Version 1.4.1 of PilusCart has a SQL injection vulnerability. This vulnerability stems from the send parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...

8.8 CVSS · 5.9 AI score · 0.00027 EPSS
Exploits 1 · References 3
RedhatCVE
added 2026/01/07 9:31 a.m. · 4 views

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

7.5 CVSS · 6.9 AI score · 0.47663 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-19131

Malware in sbrugna...

8.8 CVSS · 8.8 AI score · 0.00269 EPSS
Exploits 1 · References 2
NVD
added 2019/09/09 2:15 a.m. · 11 views

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

7.5 CVSS · 7.5 AI score · 0.47663 EPSS
Exploits 1 · References 2
OSV
added 2019/09/09 2:15 a.m. · 1 views

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

7.5 CVSS · 7.1 AI score · 0.47663 EPSS
Exploits 1 · References 2
Prion
added 2019/09/09 2:15 a.m. · 13 views

Arbitrary file deletion

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

5 CVSS · 7.4 AI score · 0.47663 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2019/09/09 1:0 a.m. · 138 views

CVE-2019-16123

PilusCart <=1.4.1 is affected by a Local File Inclusion in catalog.php due to mis-handling of the filename parameter, allowing disclosure of sensitive files via path traversal (../). The issue is documented in multiple sources (NVD entry CVE-2019-16123; Nuclei template: PilusCart =1.4.2 or app...

7.5 CVSS · 7.4 AI score · 0.47663 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2019/09/09 1:0 a.m. · 17 views

CVE-2019-16123

In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...

7.5 AI score · 0.47663 EPSS
Exploits 1 · References 2
Positive Technologies
added 2019/09/09 12:0 a.m. · 2 views

PT-2019-14525 · Kartatopia · Kartatopia Piluscart

Name of the Vulnerable Software and Affected Versions: Kartatopia PilusCart version 1.4.1 Description: The issue arises from the mishandling of the filename parameter in the "catalog.php" file, resulting in a Local File Disclosure vulnerability. This allows for the disclosure of sensitive files o...

7.5 CVSS · 7.4 AI score · 0.47663 EPSS
Exploits 1 · References 3
0day.today
added 2019/08/30 12:0 a.m. · 26 views

PilusCart 1.4.1 - Local File Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: PilusCart = 1.4.1 - Local File Disclosure Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://sourceforge.net/projects/pilus/ Version: = 1.4.1 Tested on: Ubuntu 18.04.1 The e-commerce software...

7.4 AI score
Exploits 0
Packet Storm
added 2019/08/29 12:0 a.m. · 214 views

PilusCart 1.4.1 Local File Disclosure

Exploit Title: PilusCart = 1.4.1 - Local File Disclosure Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://sourceforge.net/projects/pilus/ Version: = 1.4.1 Tested on: Ubuntu 18.04.1 The e-commerce software 'PilusCart' is not validating the...

7.4 AI score
Exploits 0
Exploit DB
added 2019/08/29 12:0 a.m. · 197 views

PilusCart 1.4.1 - Local File Disclosure

Exploit Title: PilusCart = 1.4.1 - Local File Disclosure Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://sourceforge.net/projects/pilus/ Version: = 1.4.1 Tested on: Ubuntu 18.04.1 The e-commerce software 'PilusCart' is not validating the...

7.4 AI score
Exploits 0