We received word of a major security issue in all versions of CS-Cart 4, including 4.16.2. This vulnerability could potentially let an attacker upload a PHP file to the server and execute it. We are not disclosing more details, because to our knowledge, the vulnerability hasn’t been exploited yet.
