cybrops-io

6 exploits Active since Sep 2024
CVE-2023-26686 WRITEUP CRITICAL WRITEUP
CS-Cart MultiVendor 4.16.1 - Remote Code Execution via Product Image Upload
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
CVSS 9.8
CVE-2023-26687 WRITEUP HIGH WRITEUP
CS-Cart MultiVendor <4.16.1 - Path Traversal
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.
CVSS 8.8
CVE-2023-26688 WRITEUP MEDIUM WRITEUP
CS-Cart MultiVendor 4.16.1 - Stored Cross-Site Scripting via Product Data Parameter
Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.
CVSS 5.4
CVE-2023-26689 WRITEUP CRITICAL WRITEUP
CS-Cart MultiVendor <4.16.1 - Info Disclosure
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.
CVSS 9.8
CVE-2023-26690 WRITEUP HIGH WRITEUP
CS-Cart MultiVendor 4.16.1 - Unauthenticated Arbitrary File Upload via File Manager
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.
CVSS 8.8
CVE-2023-26691 WRITEUP HIGH WRITEUP
CS-Cart MultiVendor <4.16.1 - Path Traversal
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.
CVSS 7.2