CS-Cart MultiVendor 4.16.1 vulnerability: Arbitrary user account profile manipulation
CVE-2023-26689

Currently unrated

Key Information:

Vendor: CS-Cart
Status: Cs-cart Multivendor
Vendor: CVE Published:; 25 September 2024

What is CVE-2023-26689?

A vulnerability in CS-Cart MultiVendor version 4.16.1 enables attackers to modify arbitrary user account profiles through specially crafted POST requests. This insufficient authorization flaw can be exploited to gain unauthorized access to sensitive user data, potentially leading to identity theft or data breaches. Proper security measures and updates are essential to protect against such vulnerabilities.

References

https://github.com/cybrops-io/CVEs/tree/main/CVE-2023-266...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Feb 27, 2023