Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
devellion cubecart vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-0922
CubeCart 3.0 up to and including 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote malicio...
Devellion Cubecart 3.0.0 Final
Devellion Cubecart 3.0.1
Devellion Cubecart 3.0.0 Alpha-rgf
Devellion Cubecart 3.0.0 Beta
Devellion Cubecart 3.0.6
Devellion Cubecart 3.0.2
Devellion Cubecart 3.0.3
Devellion Cubecart 3.0.0 Alpha
Devellion Cubecart 3.0.0 Alpha-2
Devellion Cubecart 3.0.4
Devellion Cubecart 3.0.5
1 EDB exploit
6.8
CVSSv2
CVE-2006-5108
Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote malicious users to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters a...
Devellion Cubecart 2.0.5
Devellion Cubecart 2.0.6
Devellion Cubecart 2.0.2
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.0
Devellion Cubecart 2.0.1
6 EDB exploits
7.5
CVSSv2
CVE-2006-5107
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote malicious users to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, an...
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.5
Devellion Cubecart 2.0.2
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.6
Devellion Cubecart 2.0.0
Devellion Cubecart 2.0.1
4 EDB exploits
5
CVSSv2
CVE-2006-5109
Devellion CubeCart 2.0.x allows remote malicious users to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale...
Devellion Cubecart 2.0.5
Devellion Cubecart 2.0.6
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.0
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.2
7.5
CVSSv2
CVE-2006-4267
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirm...
Devellion Cubecart 3.0.7-pl1
Devellion Cubecart 3.0.6
Devellion Cubecart 3.0.7
Devellion Cubecart 3.0.3
Devellion Cubecart 3.0.4
Devellion Cubecart 3.0.11
1 EDB exploit
6.8
CVSSv2
CVE-2006-4268
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) ...
Devellion Cubecart 3.0.7-pl1
Devellion Cubecart 3.0.6
Devellion Cubecart 3.0.7
Devellion Cubecart 3.0.11
Devellion Cubecart 3.0.3
Devellion Cubecart 3.0.4
5
CVSSv2
CVE-2005-0607
CubeCart 2.0.0 up to and including 2.0.5 allows remote malicious users to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheade...
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.2
Devellion Cubecart 2.0.5
Devellion Cubecart 2.0.0
4.3
CVSSv2
CVE-2005-0606
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 up to and including 2.0.5, as used in multiple PHP files, allows remote malicious users to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session...
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.2
Devellion Cubecart 2.0.0
Devellion Cubecart 2.0.5
1 EDB exploit
5
CVSSv2
CVE-2005-0442
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote malicious users to read arbitrary files via the language parameter.
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2005-0443
index.php in CubeCart 2.0.4 allows remote malicious users to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »