cubecart cubecart vulnerabilities and exploits
NA
CVE-2024-33438
File Upload vulnerability in CubeCart prior to 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
1 Github repository
7.2
CVSSv3
CVE-2023-47675
CubeCart before 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
Cubecart Cubecart
6.5
CVSSv3
CVE-2023-42428
Directory traversal vulnerability in CubeCart before 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
Cubecart Cubecart
4.9
CVSSv3
CVE-2023-47283
Directory traversal vulnerability in CubeCart before 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
Cubecart Cubecart
8.1
CVSSv3
CVE-2023-38130
Cross-site request forgery (CSRF) vulnerability in CubeCart before 6.5.3 allows a remote unauthenticated malicious user to delete data in the system.
Cubecart Cubecart
5.4
CVSSv3
CVE-2021-33394
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving...
Cubecart Cubecart 6.4.2
9.8
CVSSv3
CVE-2018-20716
CubeCart prior to 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
Cubecart Cubecart
5.4
CVSSv3
CVE-2018-20703
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
Cubecart Cubecart 6.2.2
6.5
CVSSv3
CVE-2017-2090
Directory traversal vulnerability in CubeCart versions before 6.1.4 allows remote authenticated malicious users to read arbitrary files via unspecified vectors.
Cubecart Cubecart
6.5
CVSSv3
CVE-2017-2098
Directory traversal vulnerability in CubeCart versions before 6.1.4 allows remote authenticated malicious users to read arbitrary files via unspecified vectors.
Cubecart Cubecart