Every CVE whose affected-product data names Kartatopia Piluscart, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2019-9769 — CVSS 8.8 (high): PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
CVE-2019-25672 — CVSS 8.2 (high): PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting…
CVE-2019-16123 — CVSS 7.5 (high): In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.