HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2016-4862

CVSS 8.8v3.0pub. 2017-04-20upd. 2026-05-13

Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cs Cart

    APP
    Cs-Cart
    ≤ 4.3.9
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-50850HIGH8.6ten sam produkt

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security contr...

CVE-2017-15673HIGH7.2ten sam produkt

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbi...

CVE-2017-2138HIGH8.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 ...

CVE-2009-4891HIGH7.5ten sam produkt

SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary ...

CVE-2008-6394HIGH7.5ten sam produkt

SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute a...