VYPR
Vendor

Kartatopia

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2019-9769HigMar 14, 2019
    risk 0.60cvss 8.8epss 0.02

    PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

  • CVE-2019-25672HigApr 5, 2026
    risk 0.53cvss 8.2epss 0.00

    PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL…

  • CVE-2019-16123HigSep 9, 2019
    risk 0.50cvss 7.5epss 0.16

    In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.