AbanteCart 1.4.2
Approved changes feed: RSS · Atom
cpe:2.3:a:abantecart:abantecart:1.4.2:*:*:*:*:*:*:*
part: a version: 1.4.2 update: *
| Vendor | Abantecart (3857097e-9662-5e7d-b290-ff0ef57eae1f) |
|---|---|
| Product | Abantecart (11871acc-6bd8-5a79-bec4-2b97478c1f45) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/abantecart |
purl2cpe | 2026-06-01 10:12:29.713386 |
pkg:docker/abantecart/abantecart |
purl2cpe | 2026-06-01 10:12:29.713387 |
pkg:github/abantecart/abantecart-src |
purl2cpe | 2026-06-01 10:12:29.713388 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-50972 |
vulnerable | 2026-06-03 15:01:58.723650 |
Details available
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP(), and UNION-based injection to extract arbitrary data.
Published: 2025-08-27T00:00:00.000Z
Updated: 2025-08-27T17:36:56.344Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-50971 |
vulnerable | 2026-06-03 15:01:58.723031 |
Details available
Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php.
Published: 2025-08-26T00:00:00.000Z
Updated: 2025-09-04T14:33:41.434Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.