Filtered by vendor Kartatopia Subscriptions
Filtered by product Piluscart Subscriptions

Search

Switch to Advanced Search (Beta)
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-25672 1 Kartatopia 1 Piluscart 2026-04-05 8.2 High
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information.
CVE-2019-9769 1 Kartatopia 1 Piluscart 2024-11-21 N/A
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
CVE-2019-16123 1 Kartatopia 1 Piluscart 2024-11-21 7.5 High
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.