Skip to main content

Litecart

6 CVEs product

Monthly

CVE-2022-27168 MEDIUM PATCH This Month

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Litecart
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-9018 MEDIUM POC This Month

LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Litecart
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-9017 HIGH POC This Week

LiteCart through 2.2.1 allows CSV injection via a customer's profile. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Litecart
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2018-12256 HIGH PATCH This Week

admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Litecart
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-10827 HIGH PATCH This Week

LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Litecart
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2014-7183 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Litecart
NVD
CVSS 2.0
4.3
EPSS
0.8%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Litecart
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Litecart
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

LiteCart through 2.2.1 allows CSV injection via a customer's profile. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Litecart
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Litecart
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Litecart
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy