CVE-2023-26686

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 25, 2024

Updated: Sep 26, 2024

CWE ID 434

Summary

CVE-2023-26686 is a critical file upload vulnerability affecting CS-Cart MultiVendor version 4.16.1, which allows remote attackers to execute arbitrary code through the image upload feature during shop customization. The vulnerability has an exploitability score of 3.9 and a base score of 9.8, indicating a high risk to organizations due to potential integrity and confidentiality impacts. This flaw requires no user interaction and can be exploited over the network, making it particularly dangerous. To remediate this issue, users should upgrade to a patched version of CS-Cart MultiVendor that addresses this vulnerability. If left unaddressed, organizations risk significant data breaches and unauthorized access to their systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database