Vulmon
cubecart cubecart vulnerabilities and exploits
4.9
CVSSv3
CVE-2017-2117
Directory traversal vulnerability in CubeCart versions before 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
Cubecart Cubecart
NA
CVE-2024-34832
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows a malicious user to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
1 Github repository
NA
CVE-2024-33438
File Upload vulnerability in CubeCart prior to 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
1 Github repository
NA
CVE-2015-6928
classes/admin.class.php in CubeCart 5.2.12 up to and including 5.2.16 and 6.x prior to 6.0.7 does not properly validate that a password reset request was made, which allows remote malicious users to change the administrator password via a recovery request with a space character i...
Cubecart Cubecart 5.2.13
Cubecart Cubecart 5.2.12
Cubecart Cubecart 6.0.2
Cubecart Cubecart 6.0.4
Cubecart Cubecart 5.2.15
Cubecart Cubecart 6.0.6
Cubecart Cubecart 6.0.5
Cubecart Cubecart 5.2.14
Cubecart Cubecart 6.0.3
Cubecart Cubecart 6.0.1
Cubecart Cubecart 6.0.0
NA
CVE-2014-2341
Session fixation vulnerability in CubeCart prior to 5.2.9 allows remote malicious users to hijack web sessions via the PHPSESSID parameter.
Cubecart Cubecart
Cubecart Cubecart 5.2.1
Cubecart Cubecart 5.2.4
Cubecart Cubecart 5.2.2
Cubecart Cubecart 5.2.5
Cubecart Cubecart 5.2.3
Cubecart Cubecart 5.2.6
Cubecart Cubecart 5.2.7
Cubecart Cubecart 5.2.0
1 EDB exploit
NA
CVE-2012-0865
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and previous versions allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
Cubecart Cubecart 3.0.9
Cubecart Cubecart 3.0.8
Cubecart Cubecart 3.0.18
Cubecart Cubecart 3.0.5
Cubecart Cubecart 3.0.14
Cubecart Cubecart 3.0.13
Cubecart Cubecart 3.0.16
Cubecart Cubecart 3.0.7
Cubecart Cubecart 3.0.19
Cubecart Cubecart
Cubecart Cubecart 3.0.0
Cubecart Cubecart 3.0.3
Cubecart Cubecart 3.0.10
Cubecart Cubecart 3.0.11
Cubecart Cubecart 3.0.2
Cubecart Cubecart 3.0.12
Cubecart Cubecart 3.0.17
Cubecart Cubecart 3.0.15
Cubecart Cubecart 3.0.6
Cubecart Cubecart 3.0.4
Cubecart Cubecart 3.0.1
3 EDB exploits
NA
CVE-2010-4903
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote malicious users to execute arbitrary SQL commands via the searchStr parameter.
Cubecart Cubecart 4.3.3
NA
CVE-2011-3724
CubeCart 4.4.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
Cubecart Cubecart 4.4.3
NA
CVE-2010-1931
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 up to and including 4.3.9 allows remote malicious users to execute arbitrary SQL commands via the shipKey parameter to index.php.
Cubecart Cubecart 4.3.9
Cubecart Cubecart 4.3.4
Cubecart Cubecart 4.3.5
Cubecart Cubecart 4.3.6
Cubecart Cubecart 4.3.7
Cubecart Cubecart 4.3.8
1 EDB exploit
NA
CVE-2009-4060
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart prior to 4.3.7 allows remote malicious users to execute arbitrary SQL commands via the productId parameter.
Cubecart Cubecart 4.0.1
Cubecart Cubecart 4.0.0
Cubecart Cubecart 3.0.9
Cubecart Cubecart 3.0.8
Cubecart Cubecart 3.0.18
Cubecart Cubecart 3.0.5
Cubecart Cubecart 4.3.4
Cubecart Cubecart 3.0.14
Cubecart Cubecart 3.0.13
Cubecart Cubecart 4.1.1
Cubecart Cubecart 4.0.3
Cubecart Cubecart 3.0.16
Cubecart Cubecart 3.0.7
Cubecart Cubecart 3.0.19
Cubecart Cubecart 4.3.5
Cubecart Cubecart 4.3.2
Cubecart Cubecart 3.0.20
Cubecart Cubecart
Cubecart Cubecart 4.3.1
Cubecart Cubecart 4.2.1
Cubecart Cubecart 3.0.0
Cubecart Cubecart 3.0.3
1 EDB exploit