PT-2019-14525 · Kartatopia · Kartatopia Piluscart

Published: 2019-09-09 · Updated: 2024-02-14 · CVE-2019-16123

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kartatopia PilusCart version 1.4.1

Description

The issue arises from the mishandling of the filename parameter in the "catalog.php" file, resulting in a Local File Disclosure vulnerability. This allows for the disclosure of sensitive files on the server.

Recommendations

For Kartatopia PilusCart version 1.4.1, consider restricting access to the vulnerable "catalog.php" file until a patch is available. Avoid using the filename parameter in the affected file to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-16123

Affected Products

Kartatopia Piluscart