Bitnami package
abantecart
pkg:bitnami/abantecart
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-26521 | Hig | 7.2 | < 1.3.2 | 1.3.2 | Mar 10, 2022 | Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). | |
| CVE-2021-42051 | Med | 5.4 | < 1.3.2 | 1.3.2 | Dec 14, 2021 | An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload. | |
| CVE-2021-42050 | Med | 6.1 | < 1.3.2 | 1.3.2 | Dec 14, 2021 | An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. |
- affected < 1.3.2fixed 1.3.2
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).
- affected < 1.3.2fixed 1.3.2
An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload.
- affected < 1.3.2fixed 1.3.2
An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS.