Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cubecart cubecart vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-3904
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote malicious users to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2...
Cubecart Cubecart 4.3.4
1 EDB exploit
NA
CVE-2008-1550
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote malicious users to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.
Cubecart Cubecart 4.2.1
NA
CVE-2007-2862
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote malicious users to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and...
Devellion Cubecart 3.0.16
NA
CVE-2007-2550
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
Devellion Cubecart 3.0.15
NA
CVE-2006-5107
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote malicious users to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, an...
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.2
Devellion Cubecart 2.0.5
Devellion Cubecart 2.0.6
Devellion Cubecart 2.0.0
4 EDB exploits
NA
CVE-2006-5108
Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote malicious users to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters a...
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.2
Devellion Cubecart 2.0.5
Devellion Cubecart 2.0.6
Devellion Cubecart 2.0.0
6 EDB exploits
NA
CVE-2006-5109
Devellion CubeCart 2.0.x allows remote malicious users to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale...
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.2
Devellion Cubecart 2.0.5
Devellion Cubecart 2.0.6
Devellion Cubecart 2.0.0
NA
CVE-2006-4525
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and previous versions, when register_globals is enabled, allows remote malicious users to inject arbitrary web script or HTML via the links array.
Devellion Cubecart
1 EDB exploit
NA
CVE-2006-4526
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary SQL commands via the searchArray[] parameter.
Devellion Cubecart
NA
CVE-2006-4527
includes/content/gateway.inc.php in CubeCart 3.0.12 and previous versions, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote malicious users to conduct PHP remote file inclusion attacks.
Devellion Cubecart 3.0.12
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »