Vulnerabilities (CVE)

Filtered by vendor Kartatopia Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9769 1 Kartatopia 1 Piluscart 2024-11-21 6.8 MEDIUM 8.8 HIGH
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
CVE-2019-16123 1 Kartatopia 1 Piluscart 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.