Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).
Max CVSS
7.2
EPSS Score
1.35%
Published
2022-03-10
Updated
2023-03-27
An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-12-14
Updated
2021-12-15
An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS.
Max CVSS
6.1
EPSS Score
0.07%
Published
2021-12-14
Updated
2021-12-15
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.
Max CVSS
6.1
EPSS Score
0.15%
Published
2019-03-21
Updated
2019-03-21
AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php.
Max CVSS
8.8
EPSS Score
0.10%
Published
2019-05-24
Updated
2019-05-29
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!