VYPR

PilusCart

by PilusCart

CVEs (2)

  • CVE-2019-9769HigMar 14, 2019
    risk 0.60cvss 8.8epss 0.02

    PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

  • CVE-2019-16123HigSep 9, 2019
    risk 0.50cvss 7.5epss 0.16

    In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.