HIGH🇬🇧 English

CVE-2025-50850

CVSS 8.6v3.1pub. 2025-07-31upd. 2026-07-05

An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  • Cs Cart

    APP
    Cs-Cart
    4.18.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2017-15673HIGH7.2ten sam produkt

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbi...

CVE-2017-2138HIGH8.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 ...

CVE-2016-4862HIGH8.8ten sam produkt

Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier a...

CVE-2009-4891HIGH7.5ten sam produkt

SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary ...

CVE-2008-6394HIGH7.5ten sam produkt

SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute a...