CVE-2023-26690
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-26690 is a high-severity vulnerability affecting CS-Cart MultiVendor version 4.16.1, which allows remote attackers to execute arbitrary code through the File Manager/Editor component in either the vendor or admin menu. The exploitability score for this vulnerability is 2.8, with a base score of 8.8, indicating a significant risk to affected systems due to low privileges required and no user interaction necessary to exploit it. The potential impacts include high integrity and confidentiality violations, as well as severe availability issues for organizations using this software. To remediate this vulnerability, it is recommended that users upgrade to a patched version of CS-Cart MultiVendor that addresses the issue. Failure to address this vulnerability could lead to unauthorized access and control over the affected systems, posing serious security risks to an organization’s data and operations.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.