cpe:2.3:a:cubecart:cubecart:3.0.2:*:*:*:*:*:*:*
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
Max CVSS: 7.2; EPSS Score: 0.08%; Published: 2023-11-17; Updated: 2023-11-22
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
Max CVSS: 4.9; EPSS Score: 0.07%; Published: 2023-11-17; Updated: 2023-11-22
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
Max CVSS: 6.5; EPSS Score: 0.08%; Published: 2023-11-17; Updated: 2023-11-22
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
Max CVSS: 8.1; EPSS Score: 0.07%; Published: 2023-11-17; Updated: 2023-11-22
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
Max CVSS: 9.8; EPSS Score: 0.21%; Published: 2019-01-15; Updated: 2019-01-23
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows an attacker with administrator rights to read arbitrary files via unspecified vectors.
Max CVSS: 4.9; EPSS Score: 0.09%; Published: 2017-04-28; Updated: 2017-05-05
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
Max CVSS: 6.5; EPSS Score: 0.14%; Published: 2017-04-28; Updated: 2017-05-05
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
Max CVSS: 6.5; EPSS Score: 0.11%; Published: 2017-04-28; Updated: 2017-05-05
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
Max CVSS: 6.8; EPSS Score: 16.65%; Published: 2014-04-22; Updated: 2017-08-29
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
Max CVSS: 5.8; EPSS Score: 1.71%; Published: 2012-02-21; Updated: 2018-01-11
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote attackers to execute arbitrary SQL commands via the productId parameter.
Max CVSS: 7.5; EPSS Score: 0.27%; Published: 2009-11-24; Updated: 2017-08-17
11 vulnerabilities found