CVE-2023-26689

Summary

CVE-2023-26689 is a critical vulnerability affecting CS-Cart MultiVendor version 4.16.1, which allows attackers to modify arbitrary user account profiles through crafted post requests. The vulnerability scores 9.8 on the CVSS scale, indicating a high level of severity with potential impacts on confidentiality, integrity, and availability. It does not require user interaction or elevated privileges, making it particularly dangerous as it can be exploited remotely with low complexity. To remediate this issue, organizations should update to the latest version of CS-Cart MultiVendor that addresses this vulnerability. Failure to address this flaw may result in unauthorized access and manipulation of sensitive user data within affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.