MidnightBSD

Advisories for cs-cart

CVE-2005-4429 HIGH

SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cs-cart cs-cart 1.3.0
CVE-2006-2863 MEDIUM

PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cs-cart cs-cart *
cs-cart cs-cart 1.3.0
CVE-2007-0230 HIGH

PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
cs-cart cs-cart 1.3.3
CVE-2009-4891 HIGH

SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
cs-cart cs-cart 2.0
CVE-2013-0118 MEDIUM

CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
cs-cart cs-cart 3.0.2
cs-cart cs-cart 3.0
cs-cart cs-cart 3.0.4
cs-cart cs-cart *
cs-cart cs-cart 3.0.3
CVE-2013-7317 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
cs-cart cs-cart 3.0.2
cs-cart cs-cart 2.0.6
cs-cart cs-cart 2.1.4
cs-cart cs-cart 1.3.4
cs-cart cs-cart *
cs-cart cs-cart 1.3.2
cs-cart cs-cart 2.2.5
cs-cart cs-cart 3.0.5
cs-cart cs-cart 3.0.4
cs-cart cs-cart 2.1.2
cs-cart cs-cart 2.0.7
cs-cart cs-cart 2.2.3
cs-cart cs-cart 1.3.0
cs-cart cs-cart 2.0.14
cs-cart cs-cart 2.2.4
cs-cart cs-cart 2.0.8
cs-cart cs-cart 2.0.12
cs-cart cs-cart 3.0.6
cs-cart cs-cart 2.1
cs-cart cs-cart 4.0.2
cs-cart cs-cart 2.0.11
cs-cart cs-cart 3.0
cs-cart cs-cart 2.2.1
cs-cart cs-cart 1.3.3
cs-cart cs-cart 2.0
cs-cart cs-cart 2.0.15
cs-cart cs-cart 2.1.3
cs-cart cs-cart 2.0.10
cs-cart cs-cart 2.0.13
cs-cart cs-cart 2.0.5
cs-cart cs-cart 4.0
cs-cart cs-cart 2.0.9
cs-cart cs-cart 2.1.1
cs-cart cs-cart 3.0.3
cs-cart cs-cart 2.2.2
CVE-2015-2701 MEDIUM

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
cs-cart cs-cart 4.2.4
CVE-2016-4862 MEDIUM

Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cs-cart cs-cart *
CVE-2017-10886 LOW

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
cs-cart cs-cart_multivendor 4.1.2
cs-cart cs-cart_multivendor 4.2.3
cs-cart cs-cart_multivendor 4.1.4
cs-cart cs-cart 4.1.3
cs-cart cs-cart_multivendor 4.3.10
cs-cart cs-cart 4.3.6
cs-cart cs-cart_multivendor 4.3.3
cs-cart cs-cart_multivendor 4.3.9
cs-cart cs-cart_multivendor 4.0.2
cs-cart cs-cart_multivendor 4.2.4
cs-cart cs-cart_multivendor 4.3.4
cs-cart cs-cart 4.2.4
cs-cart cs-cart 4.2.2
cs-cart cs-cart 4.3.3
cs-cart cs-cart 4.2.3
cs-cart cs-cart 4.3.8
cs-cart cs-cart 4.1.2
cs-cart cs-cart 4.3.10
cs-cart cs-cart 4.3.9
cs-cart cs-cart 4.0.1
cs-cart cs-cart_multivendor 4.3.8
cs-cart cs-cart_multivendor 4.3.5
cs-cart cs-cart_multivendor 4.3.6
cs-cart cs-cart 4.1.1
cs-cart cs-cart_multivendor 4.3.1
cs-cart cs-cart 4.0.3
cs-cart cs-cart 4.3.2
cs-cart cs-cart_multivendor 4.1.3
cs-cart cs-cart 4.0.2
cs-cart cs-cart 4.3.4
cs-cart cs-cart_multivendor 4.0.1
cs-cart cs-cart 4.3.7
cs-cart cs-cart_multivendor 4.3.7
cs-cart cs-cart_multivendor 4.1.1
cs-cart cs-cart 4.3.1
cs-cart cs-cart 4.2.1
cs-cart cs-cart_multivendor 4.2.2
cs-cart cs-cart_multivendor 4.3.2
cs-cart cs-cart 4.3.5
cs-cart cs-cart_multivendor 4.0.3
cs-cart cs-cart_multivendor 4.2.1
cs-cart cs-cart 4.1.4
CVE-2017-15673 HIGH

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
cs-cart cs-cart *
CVE-2017-2138 MEDIUM

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
cs-cart cs-cart_multivendor *
cs-cart cs-cart *
CVE-2021-32202 MEDIUM

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
cs-cart cs-cart 4.11.1
CVE-2023-26686

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
cs-cart cs-cart_multivendor 4.16.1
CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
cs-cart cs-cart_multivendor 4.16.1
CVE-2023-26688

Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
cs-cart cs-cart_multivendor 4.16.1
CVE-2023-26689

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
cs-cart cs-cart_multivendor 4.16.1
CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
cs-cart cs-cart_multivendor 4.16.1
CVE-2023-26691

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
cs-cart cs-cart_multivendor 4.16.1
CVE-2025-50847

Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
cs-cart cs-cart 4.18.3
CVE-2025-50848

A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
cs-cart cs-cart 4.18.3
CVE-2025-50850

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
cs-cart cs-cart 4.18.3