Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cubecart cubecart vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47675
CubeCart before 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
Cubecart Cubecart
755
VMScore
CVE-2013-1465
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 up to and including 5.2.0 allows remote malicious users to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config ...
Cubecart Cubecart
1 EDB exploit
668
VMScore
CVE-2010-4903
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote malicious users to execute arbitrary SQL commands via the searchStr parameter.
Cubecart Cubecart 4.3.3
445
VMScore
CVE-2011-3724
CubeCart 4.4.3 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
Cubecart Cubecart 4.4.3
312
VMScore
CVE-2018-20703
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
Cubecart Cubecart 6.2.2
383
VMScore
CVE-2008-1550
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote malicious users to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.
Cubecart Cubecart 4.2.1
755
VMScore
CVE-2009-3904
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote malicious users to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2...
Cubecart Cubecart 4.3.4
1 EDB exploit
490
VMScore
CVE-2021-33394
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving...
Cubecart Cubecart 6.4.2
505
VMScore
CVE-2005-0442
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote malicious users to read arbitrary files via the language parameter.
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.4
1 EDB exploit
435
VMScore
CVE-2005-0443
index.php in CubeCart 2.0.4 allows remote malicious users to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »