AbanteCart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog > Media Manager > Images settings can be changed by an administrator (e.g., by configuring .php as a valid image file type).
Max Base Score: 7.2 | Published: 2022-03-10 | Updated: 2023-03-27 | EPSS: 1.04%
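The weakness described above is a trust-boundary problem: the list of "valid image file types" is itself an admin-editable setting, so a handler that only consults that list will happily accept a PHP script once .php has been added. The following is an added example written for this page, not AbanteCart's code, showing an upload check that keeps a hard-coded deny-list of server-executable extensions which no settings screen can override, inspects every extension segment (so shell.php.jpg is caught as well as shell.php), and verifies the file body against the magic bytes of the claimed image type. The EXECUTABLE_EXTENSIONS and IMAGE_SIGNATURES tables and the sample PHP payload are constructed for the example.

```python
"""Upload check that an admin-configurable type list cannot weaken.

Added example (not AbanteCart code). A configured allow-list decides which
image types are accepted, but an executable extension is refused regardless
of that list, and the content must match the claimed image format.
"""
import os

# Extensions a typical web server / PHP handler would execute. Constructed for
# this example; extend it for the server actually in use.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht", "phps",
    "cgi", "pl", "py", "sh", "asp", "aspx", "jsp", "jspx", "htaccess",
}

# Leading magic bytes for the image types a media manager usually accepts.
IMAGE_SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "webp": [b"RIFF"],  # "WEBP" at offset 8 is checked separately below
}


def all_extensions(filename):
    """Return every extension segment, lower-cased: 'a.php.jpg' -> ['php', 'jpg'].

    Checking all segments (not just the last) blocks double-extension tricks
    on servers that execute a file because *any* segment is .php.
    """
    parts = os.path.basename(filename).lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def is_allowed_upload(filename, content, configured_types):
    """Return (ok, reason).

    configured_types is the admin-editable allow-list from the settings
    screen. The executable deny-list is evaluated first and always wins.
    """
    exts = all_extensions(filename)
    if not exts:
        return False, "no file extension"
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return False, "executable extension (cannot be enabled via settings)"

    ext = exts[-1]
    allowed = {t.lower().lstrip(".") for t in configured_types}
    if ext not in allowed:
        return False, f"extension .{ext} not in configured types"

    signatures = IMAGE_SIGNATURES.get(ext)
    if signatures is None:
        return False, f"no content signature known for .{ext}"
    if not any(content.startswith(sig) for sig in signatures):
        return False, "content does not match claimed image type"
    if ext == "webp" and content[8:12] != b"WEBP":
        return False, "content does not match claimed image type"
    return True, "ok"


# Constructed sample inputs: an admin has added "php" to the image types.
CONFIGURED_TYPES = ["jpg", "png", "gif", "php"]
PHP_PAYLOAD = b"<?php system($_GET['c']); ?>"
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for name, body in [("shell.php", PHP_PAYLOAD),
                       ("shell.php.jpg", b"\xff\xd8\xff" + PHP_PAYLOAD),
                       ("fake.png", PHP_PAYLOAD),
                       ("logo.png", PNG_BODY)]:
        print(name, is_allowed_upload(name, body, CONFIGURED_TYPES))
```

The content check is deliberately shallow (leading bytes only); it stops a bare PHP file from masquerading as an image but not a valid image with PHP appended. Storing uploads outside the document root, or serving them from a location where the server never invokes a script handler, is what actually removes the execution path.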
An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload.
Max Base Score: 5.4 | Published: 2021-12-14 | Updated: 2021-12-15 | EPSS: 0.06%
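An SVG is an XML document that a browser will render as a page when opened directly, so it can carry script in a <script> element, in on* event-handler attributes, in javascript: hrefs, or via foreignObject. The following is an added example for this page, not AbanteCart's code: a detector that parses an uploaded SVG with the standard library and reports every active-content construct it finds, which is the check a file-upload handler would run before accepting a file of this type. The ACTIVE_ELEMENTS set and the two sample SVG documents are constructed for the example.

```python
"""Flag active content in an uploaded SVG.

Added example (not AbanteCart code). Returns a list of findings so the
caller can reject the upload or log why it was rejected.
"""
import xml.etree.ElementTree as ET

# Elements that execute script or embed arbitrary HTML when the SVG is
# rendered as a document. Constructed list for this example.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}


def local_name(qualified):
    """Strip an ElementTree namespace prefix: '{uri}name' -> 'name' (lower-cased)."""
    return qualified.rsplit("}", 1)[-1].lower()


def svg_active_content(svg_bytes):
    """Return findings (strings); an empty list means nothing active was seen.

    Raises ValueError if the input is not well-formed XML or its root is not
    <svg>. ElementTree does not fetch external entities, so a DOCTYPE pointing
    at a URL is not followed during this check.
    """
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if local_name(root.tag) != "svg":
        raise ValueError("root element is not <svg>")

    findings = []
    for elem in root.iter():
        name = local_name(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            aname = local_name(attr)
            if aname.startswith("on"):
                # onload, onclick, onmouseover, ... run script in the SVG.
                findings.append(f"event handler {aname} on <{name}>")
            if aname in ("href", "src"):
                target = value.strip().lower()
                scheme = target.split(":", 1)[0] if ":" in target else ""
                if scheme in ("javascript", "vbscript"):
                    findings.append(f"{scheme}: URL in {aname} on <{name}>")
                elif scheme == "data" and not target.startswith("data:image/"):
                    findings.append(f"non-image data: URL in {aname} on <{name}>")
    return findings


# Constructed samples. The malicious one carries three separate vectors.
MALICIOUS_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    b'<script>alert(2)</script>'
    b'<a xlink:href="javascript:alert(3)"><text x="1" y="10">x</text></a>'
    b'</svg>'
)
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    b'<circle cx="5" cy="5" r="4" fill="red"/></svg>'
)

if __name__ == "__main__":
    print(svg_active_content(MALICIOUS_SVG))
    print(svg_active_content(BENIGN_SVG))
```

This is a detector, not a sanitizer: rejecting flagged files is the safe action. The complementary server-side control is to serve user uploads with Content-Disposition: attachment, or from an origin that holds no session cookies, so that even an SVG that slips through cannot run in the store's origin.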
An issue was discovered in AbanteCart before 1.3.2. It allows DOM-based XSS.
Max Base Score: 6.1 | Published: 2021-12-14 | Updated: 2021-12-15 | EPSS: 0.08%
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.
Max Base Score: 6.1 | Published: 2019-03-21 | Updated: 2019-03-21 | EPSS: 0.21%
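A sort parameter is reflected in the page because the listing uses it to mark the active column and to build the other "sort by" links. The following is an added example for this page, not AbanteCart's code: it validates the parameter against an allow-list of sort keys and directions, falls back to a default instead of echoing anything attacker-controlled, and HTML-escapes everything that does reach the markup. The ALLOWED_SORT_KEYS set, the key-direction format, and the sample request URL are assumptions made for the example.

```python
"""Allow-listed sort parameter plus output escaping.

Added example (not AbanteCart code). The only values that ever appear in
generated hrefs come from ALLOWED_SORT_KEYS / ALLOWED_DIRECTIONS, and every
string written into HTML passes through html.escape.
"""
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed sort vocabulary for this example; a real store derives it from its
# own column definitions, never from the request.
ALLOWED_SORT_KEYS = {"name", "price", "rating", "date_added"}
ALLOWED_DIRECTIONS = {"asc", "desc"}
DEFAULT_SORT = ("name", "asc")


def parse_sort(raw):
    """Validate 'key-direction' and return (key, direction).

    Anything outside the allow-list collapses to DEFAULT_SORT, so a payload
    such as '"><script>...' never survives into the response.
    """
    if raw is None:
        return DEFAULT_SORT
    key, _sep, direction = raw.lower().partition("-")
    if key in ALLOWED_SORT_KEYS and direction in ALLOWED_DIRECTIONS:
        return key, direction
    return DEFAULT_SORT


def render_sort_links(request_url):
    """Return the 'sort by' link markup for a category page request.

    Other query parameters are carried over but are percent-encoded by
    urlencode and then HTML-escaped, so they cannot break out of the
    attribute either.
    """
    parts = urlsplit(request_url)
    query = parse_qs(parts.query)
    current = parse_sort(query.get("sort", [None])[0])

    links = []
    for key in sorted(ALLOWED_SORT_KEYS):
        # Clicking the active column flips its direction; others start ascending.
        direction = "desc" if current == (key, "asc") else "asc"
        new_query = dict(query, sort=[f"{key}-{direction}"])
        href = f"{parts.path}?{urlencode(new_query, doseq=True)}"
        active = ' class="active"' if current[0] == key else ""
        label = key.replace("_", " ")
        links.append(
            f'<a href="{html.escape(href, quote=True)}"{active}>{html.escape(label)}</a>'
        )
    return "\n".join(links)


# Constructed request mirroring the path in the advisory, with a probe payload.
PROBE_URL = '/apparel--accessories?sort="><script>alert(1)</script>&page=2'

if __name__ == "__main__":
    print(parse_sort("price-desc"))
    print(render_sort_links(PROBE_URL))
```

Escaping alone would have closed the reflected XSS; the allow-list is there because the same parameter typically ends up in an ORDER BY clause, where escaping for HTML does nothing and an identifier allow-list is the only sound control.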
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
Max Base Score: 8.8 | Published: 2019-05-24 | Updated: 2019-05-29 | EPSS: 0.10%
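The pattern behind a parameter like source_language reaching a query is string concatenation: the value becomes part of the SQL text, so a quote in it changes the statement's grammar. The following is an added example for this page, not AbanteCart's code: an in-memory SQLite database with a constructed languages table and an admin_users table, a lookup written the vulnerable way, the same lookup with parameter binding, and a UNION payload that pulls the admin table through the first and returns nothing through the second. The schema, table names and payload are constructed for the example and are not AbanteCart's.

```python
"""Concatenated vs. parameterised lookup of a language code.

Added example (not AbanteCart code). Run it to see the UNION payload leak
admin_users through the vulnerable query while the bound query returns
no rows for the same input.
"""
import sqlite3


def make_db():
    """Constructed schema standing in for a store's language and admin tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE languages (
            language_id INTEGER PRIMARY KEY, code TEXT, name TEXT);
        INSERT INTO languages VALUES (1, 'en', 'English'), (2, 'de', 'Deutsch');
        CREATE TABLE admin_users (
            user_id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO admin_users VALUES (1, 'admin', 'hash-of-admin-password');
    """)
    return conn


def language_by_code_vulnerable(conn, source_language):
    """The value is spliced into the statement text: a quote ends the literal
    and everything after it is parsed as SQL."""
    sql = ("SELECT language_id, code, name FROM languages WHERE code = '"
           + source_language + "'")
    return conn.execute(sql).fetchall()


def language_by_code_safe(conn, source_language):
    """The statement text is fixed; the value travels separately as a bound
    parameter and can only ever be compared as data."""
    sql = "SELECT language_id, code, name FROM languages WHERE code = ?"
    return conn.execute(sql, (source_language,)).fetchall()


# Constructed payload: closes the literal, appends a UNION with the same
# column count as the original SELECT, and comments out the trailing quote.
INJECTION_PAYLOAD = (
    "en' UNION ALL SELECT user_id, username, password_hash "
    "FROM admin_users -- "
)

if __name__ == "__main__":
    db = make_db()
    print("normal:    ", language_by_code_safe(db, "en"))
    print("vulnerable:", language_by_code_vulnerable(db, INJECTION_PAYLOAD))
    print("safe:      ", language_by_code_safe(db, INJECTION_PAYLOAD))
```

Binding covers values. Where a request parameter has to select a table or column name (which a language manager may well do), binding is not available and the name must be checked against a fixed allow-list of identifiers before it is placed in the statement.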
5 vulnerabilities found