CVE-2023-26687

Summary

CVE-2023-26687 is a directory traversal vulnerability found in CS-Cart MultiVendor version 4.16.1, which allows remote attackers to access sensitive information through the product_data parameter in the PDF Add-on. This vulnerability has a high base score of 8.8 and poses significant risks, including high impacts on both confidentiality and integrity with low privileges required for exploitation. The attack vector is network-based, requiring no user interaction, making it relatively easy to exploit due to its low attack complexity. Organizations using affected versions should promptly apply available patches or updates to mitigate the risk of unauthorized data exposure. If left unaddressed, this vulnerability can lead to severe data breaches and compromise organizational security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.