CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
Max CVSS: 7.2 | EPSS Score: 0.08% | Published: 2023-11-17 | Updated: 2023-11-22
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
Max CVSS: 4.9 | EPSS Score: 0.07% | Published: 2023-11-17 | Updated: 2023-11-22
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2023-11-17 | Updated: 2023-11-22
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
Max CVSS: 8.1 | EPSS Score: 0.07% | Published: 2023-11-17 | Updated: 2023-11-22
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2019-01-15 | Updated: 2019-01-23
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows an attacker with administrator rights to read arbitrary files via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.09% | Published: 2017-04-28 | Updated: 2017-05-05
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
Max CVSS: 6.5 | EPSS Score: 0.14% | Published: 2017-04-28 | Updated: 2017-05-05
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
Max CVSS: 6.5 | EPSS Score: 0.11% | Published: 2017-04-28 | Updated: 2017-05-05
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
Max CVSS: 6.8 | EPSS Score: 16.65% | Published: 2014-04-22 | Updated: 2017-08-29
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
Max CVSS: 5.8 | EPSS Score: 1.71% | Published: 2012-02-21 | Updated: 2018-01-11
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote attackers to execute arbitrary SQL commands via the productId parameter.
Max CVSS: 7.5 | EPSS Score: 0.27% | Published: 2009-11-24 | Updated: 2017-08-17
11 vulnerabilities found