Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
kartatopia
13029.6%HIGH

Related CVEs

3
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2019-25672PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information.HIGH8.829.6%Apr 5, 2026
CVE-2019-16123In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.HIGH7.5Sep 9, 2019
CVE-2019-9769PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.NONEMar 14, 2019