PT-2025-31554 · Cs Cart · Cs-Cart
Hackerwahab
·
Published
2025-07-31
·
Updated
2025-07-31
·
CVE-2025-50850
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
CS-Cart 4.18.3
Description
The vendor login endpoint has no CAPTCHA, rate limiting or lockout. An unauthenticated attacker can therefore submit an unlimited number of username and password guesses (a brute-force attack, or credential stuffing with leaked password lists) and take over vendor accounts. Because nothing blocks or slows repeated failed attempts, the endpoint is fully exposed to automated tooling.
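The pattern described above is easy to spot in web server access logs once you know where the login endpoint is. The following is an added detection example, not part of the advisory or of CS-Cart: it parses combined-format log lines, counts login POSTs per source IP in a sliding window and flags sources over a threshold. The login path, the query string, the thresholds and the log lines themselves are constructed assumptions for the demonstration.

```python
"""Added example: flag brute-force activity against a login endpoint in access logs.
Not part of the advisory; the login path and the sample log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOGIN_PATH = "/vendor.php"   # assumed vendor login path; replace with the deployment's
THRESHOLD = 10               # this many login POSTs from one IP ...
WINDOW_SECONDS = 60          # ... inside this window is flagged

# nginx/Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, unix_time, method, path_without_query) or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]


def find_bruteforce(lines):
    """Map each offending IP to the peak number of login POSTs seen in any WINDOW_SECONDS span."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        # the status code is deliberately ignored: many apps answer 302 for both success and failure
        if rec and rec[2] == "POST" and rec[3] == LOGIN_PATH:
            hits[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > WINDOW_SECONDS:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= THRESHOLD:
            flagged[ip] = peak
    return flagged


def _line(ip, when, method, path, status):
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'


def constructed_log():
    """Constructed sample: one attacker hammering the login, one normal user, some noise."""
    t0 = datetime(2025, 7, 31, 10, 0, 0, tzinfo=timezone.utc)
    login = LOGIN_PATH + "?dispatch=auth.login"   # assumed query string, purely illustrative
    lines = []
    for i in range(25):   # attacker: 25 POSTs in 50 seconds, all answered with a redirect
        lines.append(_line("203.0.113.7", t0 + timedelta(seconds=2 * i), "POST", login, 302))
    lines.append(_line("198.51.100.4", t0, "GET", LOGIN_PATH, 200))
    lines.append(_line("198.51.100.4", t0 + timedelta(seconds=20), "POST", login, 302))
    lines.append(_line("198.51.100.4", t0 + timedelta(seconds=900), "POST", login, 302))
    lines.append(_line("198.51.100.9", t0 + timedelta(seconds=5), "GET", "/index.php", 200))
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    print(find_bruteforce(constructed_log()))
```

Keying on the source address alone misses a distributed attack that spreads guesses across many IPs while targeting one account; if the application logs the attempted username (not the password), run the same window logic keyed on the username as well.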
Recommendations
Require CAPTCHA verification on the vendor login endpoint, at least after a small number of failed attempts.
Rate-limit failed logins on the vendor login endpoint, keyed both per account and per source address (for example a sliding window followed by a temporary lockout or progressive delay), return the same response for an unknown username and a wrong password, and log failed attempts so that attacks can be detected.
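To make the recommendation concrete, here is an added example of the missing control next to the behaviour the advisory describes. It is generic code written for this page, not CS-Cart's own login handler; the window, limits, lockout duration, credential store and wordlist are all assumptions. The throttle counts failures per username and per client IP and refuses further attempts before the password is ever checked.

```python
"""Added example: an unthrottled login handler beside a throttled one.
Generic code, not CS-Cart's; limits, the credential store and the wordlist are assumptions."""
import hashlib
import hmac
from collections import deque

WINDOW_SECONDS = 300    # sliding window in which failures are counted (assumed policy)
MAX_PER_ACCOUNT = 5     # failures tolerated per username inside the window
MAX_PER_SOURCE = 20     # failures tolerated per client IP inside the window
LOCKOUT_SECONDS = 900   # how long a key stays blocked once its limit is reached


class LoginThrottle:
    """Counts failed logins per username and per source IP; hitting either limit locks that key."""

    def __init__(self):
        self._failures = {}      # key -> deque of failure timestamps
        self._locked_until = {}  # key -> unix time at which the lock expires

    @staticmethod
    def _keys(username, ip):
        return (("user:" + username.lower(), MAX_PER_ACCOUNT), ("ip:" + ip, MAX_PER_SOURCE))

    def is_blocked(self, username, ip, now):
        return any(self._locked_until.get(k, 0) > now for k, _ in self._keys(username, ip))

    def record_failure(self, username, ip, now):
        for key, limit in self._keys(username, ip):
            q = self._failures.setdefault(key, deque())
            while q and now - q[0] > WINDOW_SECONDS:   # drop failures outside the window
                q.popleft()
            q.append(now)
            if len(q) >= limit:
                self._locked_until[key] = now + LOCKOUT_SECONDS
                q.clear()

    def record_success(self, username):
        self._failures.pop("user:" + username.lower(), None)


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


_SALT = b"constructed-salt"                         # fixed so the example is deterministic
VENDORS = {"vendor1": _hash("correct horse battery", _SALT)}   # constructed credential store
_DUMMY = _hash("", _SALT)                           # compared against for unknown users


def check_credentials(username, password):
    """Constant-time compare; unknown users cost the same as known ones."""
    stored = VENDORS.get(username)
    digest = _hash(password, _SALT)
    return hmac.compare_digest(stored if stored is not None else _DUMMY, digest) and stored is not None


def login_unthrottled(username, password, ip, now):
    """What the advisory describes: every guess reaches the password check."""
    return "ok" if check_credentials(username, password) else "denied"


def login_throttled(throttle, username, password, ip, now):
    """Hardened handler: refuse before touching credentials once a limit has been hit."""
    if throttle.is_blocked(username, ip, now):
        return "throttled"      # HTTP 429 in a real endpoint; keep the body identical to a failure
    if check_credentials(username, password):
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username, ip, now)
    return "denied"


WORDLIST = [f"password{i}" for i in range(30)] + ["correct horse battery"]   # constructed guesses


def simulate_bruteforce(handler, guesses, username="vendor1", ip="203.0.113.7"):
    """Feed the wordlist to a handler one guess per second and tally the outcomes."""
    counts = {"ok": 0, "denied": 0, "throttled": 0}
    for i, guess in enumerate(guesses):
        counts[handler(username, guess, ip, 1_700_000_000 + i)] += 1
    return counts


if __name__ == "__main__":
    print("unthrottled:", simulate_bruteforce(login_unthrottled, WORDLIST))
    throttle = LoginThrottle()
    print("throttled:  ", simulate_bruteforce(
        lambda u, p, ip, now: login_throttled(throttle, u, p, ip, now), WORDLIST))
```

Against the unthrottled handler every guess is checked and the last one succeeds; against the throttled one the account locks after five failures and the remaining guesses, the correct password included, are never evaluated. The flip side is that a hard per-account lockout lets an attacker keep a legitimate vendor locked out, which is why production designs usually combine a short lockout or progressive delay with a CAPTCHA step rather than blocking indefinitely.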
Weakness
Improper Access Control
Affected Products
Cs-Cart