Image Upload Vulnerability in CS-Cart MultiVendor 4.16.1 Allows Arbitrary Code Execution via Customization
CVE-2023-26686

Currently unrated

Key Information:

Vendor: CS-Cart
Status: Cs-cart Multivendor
Vendor: CVE Published:; 25 September 2024

What is CVE-2023-26686?

A security vulnerability exists in CS-Cart MultiVendor 4.16.1 that permits remote attackers to exploit the image upload functionality. By manipulating this feature, attackers could upload malicious files, potentially leading to arbitrary code execution on the server. This vulnerability highlights the need for robust input validation and security measures to safeguard against unauthorized file uploads.

References

https://www.cs-cart.com/multivendor.html

https://github.com/cybrops-io/CVEs/tree/main/CVE-2023-266...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Feb 27, 2023