Vulnerabilities > Abantecart

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-10	CVE-2022-26521	Unrestricted Upload of File with Dangerous Type vulnerability in Abantecart Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). network low complexity abantecart CWE-434	7.2
2021-12-14	CVE-2021-42050	Cross-site Scripting vulnerability in Abantecart An issue was discovered in AbanteCart before 1.3.2. network low complexity abantecart CWE-79	6.1
2021-12-14	CVE-2021-42051	Cross-site Scripting vulnerability in Abantecart An issue was discovered in AbanteCart before 1.3.2. network low complexity abantecart CWE-79	5.4
2019-05-24	CVE-2016-10755	SQL Injection vulnerability in Abantecart 1.2.8 AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php. network low complexity abantecart CWE-89	8.8
2019-03-21	CVE-2018-20141	Cross-site Scripting vulnerability in Abantecart 1.2.12 AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring. network low complexity abantecart CWE-79	6.1

Vulnerabilities > Abantecart {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Abantecart"}]}