← voltar
CVE-2025-9797

mrvautin expressCart Edit Product edit injection

CVSS 4.8 MEDIUMEPSS 0.2%CWE-707CWE-74
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 set 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
mrvautin · expressCart

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/mrvautin/expressCart/issues/288https://github.com/mrvautin/expressCart/issues/288#issue-3287867610https://vuldb.com/?ctiid.322112https://vuldb.com/?id.322112https://vuldb.com/?submit.641127