Vulnerability Details : CVE-2012-0865
Potential exploit
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
Vulnerability category: Open redirect
Products affected by CVE-2012-0865
- cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:cubecart:cubecart:3.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0865
- EPSS score: 8.76% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-0865
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2012-0865
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0865
- http://osvdb.org/79141
- http://www.openwall.com/lists/oss-security/2012/02/12/4
  oss-security - CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Exploit]
- http://www.securitytracker.com/id?1026711
  CubeCart Input Validation Flaw Lets Remote Users Conduct URL Redirection Attacks - SecurityTracker
- http://www.openwall.com/lists/oss-security/2012/02/13/5
  oss-security - Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Exploit]
- http://www.securityfocus.com/bid/51966
  CubeCart Multiple URI Redirection Vulnerabilities [Exploit]
- http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection
  [Exploit]
- http://www.openwall.com/lists/oss-security/2012/02/18/1
  oss-security - Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Exploit]
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html
  [Exploit]
- http://osvdb.org/79140