Abdul Wahab

4 exploits Active since Jul 2025
CVE-2025-50847 WRITEUP MEDIUM WRITEUP
CS-Cart 4.18.3 - Cross-Site Request Forgery via Product Comparison List
Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.
CVSS 6.5
CVE-2025-50848 WRITEUP MEDIUM WRITEUP
CS-Cart 4.18.3 - Unrestricted HTML File Upload and Cross-Site Scripting
A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.
CVSS 6.1
CVE-2025-50849 WRITEUP HIGH WRITEUP
CS Cart 4.18.3 - Privilege Escalation
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers.
CVSS 8.0
CVE-2025-50850 WRITEUP HIGH WRITEUP
CS-Cart 4.18.3 - Unauthenticated Brute-Force Attack via Vendor Login Endpoint
An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.
CVSS 8.6