VYPR

Bitnami package

abantecart

pkg:bitnami/abantecart

Vulnerabilities (3)

  • CVE-2022-26521HigMar 10, 2022
    affected < 1.3.2fixed 1.3.2

    Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).

  • CVE-2021-42051MedDec 14, 2021
    affected < 1.3.2fixed 1.3.2

    An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload.

  • CVE-2021-42050MedDec 14, 2021
    affected < 1.3.2fixed 1.3.2

    An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS.