Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cubecart cubecart vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-38130
Cross-site request forgery (CSRF) vulnerability in CubeCart before 6.5.3 allows a remote unauthenticated malicious user to delete data in the system.
Cubecart Cubecart
7.2
CVSSv3
CVE-2023-47675
CubeCart before 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
Cubecart Cubecart
5.4
CVSSv3
CVE-2018-20703
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
Cubecart Cubecart 6.2.2
NA
CVE-2009-3904
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote malicious users to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2...
Cubecart Cubecart 4.3.4
1 EDB exploit
NA
CVE-2010-4903
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote malicious users to execute arbitrary SQL commands via the searchStr parameter.
Cubecart Cubecart 4.3.3
NA
CVE-2011-3724
CubeCart 4.4.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
Cubecart Cubecart 4.4.3
NA
CVE-2008-1550
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote malicious users to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.
Cubecart Cubecart 4.2.1
5.4
CVSSv3
CVE-2021-33394
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving...
Cubecart Cubecart 6.4.2
NA
CVE-2005-0442
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote malicious users to read arbitrary files via the language parameter.
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.4
1 EDB exploit
NA
CVE-2005-0443
index.php in CubeCart 2.0.4 allows remote malicious users to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »