File Upload Vulnerability Allows Remote Attackers to Run Arbitrary Code
CVE-2023-26690

Currently unrated

Key Information:

Vendor: CS-Cart
Status: Cs-cart Multivendor
Vendor: CVE Published:; 25 September 2024

What is CVE-2023-26690?

A file upload vulnerability exists in the File Manager/Editor component of CS-Cart MultiVendor 4.16.1, enabling remote attackers to execute arbitrary code. This flaw arises from inadequate input validation when handling uploaded files, potentially allowing the launch of malicious scripts or commands without proper authentication. Exploring this issue is critical for users to safeguard their applications and mitigate the risks associated with unauthorized access.

References

https://www.cs-cart.com/multivendor.html

https://github.com/cybrops-io/CVEs/tree/main/CVE-2023-266...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Feb 27, 2023