Filtered by vendor Cubecart
Subscriptions
Total
22 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-34832 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 9.8 Critical |
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. | ||||
CVE-2024-33438 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 8 High |
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. | ||||
CVE-2023-47675 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 7.2 High |
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | ||||
CVE-2023-47283 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 4.9 Medium |
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | ||||
CVE-2023-42428 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 6.5 Medium |
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. | ||||
CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 8.1 High |
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | ||||
CVE-2021-33394 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 5.4 Medium |
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session. | ||||
CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | ||||
CVE-2018-20703 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | ||||
CVE-2017-2117 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | ||||
CVE-2017-2098 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2017-2090 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2015-6928 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. | ||||
CVE-2014-2341 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
CVE-2013-1465 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 9.8 Critical |
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object. | ||||
CVE-2012-0865 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php. | ||||
CVE-2011-3724 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files. | ||||
CVE-2010-4903 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | ||||
CVE-2010-1931 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php. | ||||
CVE-2009-4060 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. |