Summary A command injection vulnerability exists in CS-Cart’s HTML to PDF converter (https://github.com/cscart/pdf) allowing unauthenticated attackers to achieve remote command execution (RCE). The vulnerability only affects the HTML to PDF converter service and the default hosted service at converter.cart-services.com (maintained by CS-Cart’s development team) used by the PDF converter plugin, and does not allow for RCE against base installations of CS-Cart. Product Background In CS-Cart...
