mrvautin expressCart Edit Product edit injection_CVE-2025-9797

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Basic Information

ID CVE-2025-9797

Source VulDB

Published Sep 1, 2025 at 22:02

Affected Product

Vendor mrvautin

Product expressCart

Version b31302f4e99c3293bd742c6d076a721e168118b0

Affected Versions mrvautin expressCart b31302f4e99c3293bd742c6d076a721e168118b0

CWE Classification

CWE-74 CWE-707

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.",
    "published": "2025-09-01T22:02:06.955Z",
    "modified": "2025-09-01T22:02:06.955Z",
    "type": "cve",
    "title": "mrvautin expressCart Edit Product edit injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.322112\nhttps://vuldb.com/?ctiid.322112\nhttps://vuldb.com/?submit.641127\nhttps://github.com/mrvautin/expressCart/issues/288\nhttps://github.com/mrvautin/expressCart/issues/288#issue-3287867610",
    "id": "CVE-2025-9797",
    "bulletinFamily": "",
    "cwe": [
        "CWE-74",
        "CWE-707"
    ],
    "cvelist": null,
    "sourceData": "mrvautin expressCart b31302f4e99c3293bd742c6d076a721e168118b0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "expressCart",
    "version": "b31302f4e99c3293bd742c6d076a721e168118b0",
    "vendor": "mrvautin",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}