Piluscart

piluscart

Vendor: Kartatopia • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-25672 1Kartatopia 1Piluscart Apr 9, 2026 Apr 5, 2026 8.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the co...Show more PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information.Show less
CVE-2019-16123 1Kartatopia 1Piluscart Nov 21, 2024 Sep 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.
CVE-2019-9769 1Kartatopia 1Piluscart Nov 21, 2024 Mar 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.