Kartatopia - Piluscart CVE

Filtered by vendor Kartatopia Subscriptions

Filtered by product Piluscart Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-16123	1 Kartatopia	1 Piluscart	2024-08-05	7.5 High
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.
CVE-2019-9769	1 Kartatopia	1 Piluscart	2024-08-04	N/A
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

Page 1 of 1.