CVE-2025-9797
4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mrvautin | expressCart | b31302f4e99c3293bd742c6d076a721e168118b0 | affected |
Weaknesses
- CWE-74: Injection
- CWE-707: Improper Neutralization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.322112
- https://vuldb.com/?ctiid.322112
- https://vuldb.com/?submit.641127
- https://github.com/mrvautin/expressCart/issues/288
- https://github.com/mrvautin/expressCart/issues/288#issue-3287867610
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.