CVE-2025-50850
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-08-06
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cs-cart | cs-cart | 4.18.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-804 | The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in CS Cart 4.18.3 involves the vendor login functionality lacking important security measures such as CAPTCHA and rate limiting. Because of this, attackers can perform brute-force attacks by trying many username and password combinations without being blocked, potentially gaining unauthorized access to vendor accounts.
How can this vulnerability impact me?
The vulnerability can allow attackers to gain unauthorized access to vendor accounts by systematically guessing login credentials. This can lead to compromised accounts, unauthorized actions, data breaches, and potential disruption of vendor operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, implement security controls on the vendor login functionality such as CAPTCHA verification and rate limiting to prevent automated brute-force attacks. Additionally, monitor login attempts for unusual activity and consider temporarily disabling vendor login if possible until proper protections are in place.
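As an added example (not code from CS-Cart or from this record), the two controls the mitigation above names in working form: a failed-login throttle keyed per account and per source address with a lockout, and a detector that flags sources with repeated vendor-login failures in constructed log lines. The key=value log format, thresholds and all names are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300     # look-back window for counting failed attempts (assumed)
MAX_FAILURES = 5         # failures tolerated per key inside the window (assumed)
LOCKOUT_SECONDS = 900    # lockout applied once the limit is reached (assumed)

class LoginThrottle:
    """Throttles a login endpoint per (account, source IP) and per source IP."""
    def __init__(self):
        self.failures = defaultdict(deque)  # key -> timestamps of failures
        self.locked_until = {}              # key -> time the lockout ends

    def _keys(self, account, ip):
        return (("acct", account, ip), ("ip", ip))

    def allowed(self, account, ip, now):
        """True if the attempt may be processed, False while locked out."""
        return all(self.locked_until.get(k, 0) <= now for k in self._keys(account, ip))

    def record_failure(self, account, ip, now):
        for k in self._keys(account, ip):
            q = self.failures[k]
            q.append(now)
            while q and q[0] < now - WINDOW_SECONDS:  # drop stale entries
                q.popleft()
            if len(q) >= MAX_FAILURES:
                self.locked_until[k] = now + LOCKOUT_SECONDS
                q.clear()

    def record_success(self, account, ip):
        # Clear only the per-account counter; the per-IP history is kept so a
        # source spraying many accounts stays throttled.
        self.failures.pop(("acct", account, ip), None)

def brute_force_sources(log_lines, threshold=MAX_FAILURES):
    """Source IPs with at least `threshold` failed vendor logins in the log."""
    counts = defaultdict(int)
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split())
        if fields.get("event") == "vendor_login" and fields.get("result") == "fail":
            counts[fields["src"]] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# Constructed sample log lines in a hypothetical key=value format (not CS-Cart's): five
# failures from one source across accounts, then one failure and one success from another.
SAMPLE_LOG = [f"ts={1722384000 + i} event=vendor_login user=shop{i} src=203.0.113.7 result=fail"
              for i in range(5)]
SAMPLE_LOG += ["ts=1722384005 event=vendor_login user=shop1 src=198.51.100.9 result=fail",
               "ts=1722384006 event=vendor_login user=shop1 src=198.51.100.9 result=ok"]
```

Once the per-IP key locks, every account tried from that source is refused until the lockout expires, which is what stops the credential-spraying variant of the attack.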