RSS   Vulnerabilities for 'Piluscart'   RSS

2019-09-08
 
CVE-2019-16123

CWE-22
 
 
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.

 
2019-03-14
 
CVE-2019-9769

 
 
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

 

Copyright 2024, cxsecurity.com

 

Back to Top