CVE-2023-26691

Summary

CVE-2023-26691 is a Directory Traversal vulnerability affecting CS-Cart MultiVendor version 4.16.1, which enables remote attackers to execute arbitrary code through a specially crafted zip file during the installation of new add-ons. This vulnerability has a high severity rating with a CVSS score of 7.2, indicating significant potential risks, including high impacts on confidentiality, integrity, and availability. Attackers can exploit this issue over the network without requiring user interaction, but it demands high privileges to execute successfully. To remediate this vulnerability, organizations should update to the latest version of CS-Cart MultiVendor to ensure protection against such attacks. If exploited, this vulnerability could lead to severe security breaches within an organization’s systems and data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.