Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cubecart cubecart vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-4268
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) ...
Devellion Cubecart 3.0.3
Devellion Cubecart 3.0.7
Devellion Cubecart 3.0.6
Devellion Cubecart 3.0.11
Devellion Cubecart 3.0.4
Devellion Cubecart 3.0.7-pl1
NA
CVE-2006-4267
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirm...
Devellion Cubecart 3.0.3
Devellion Cubecart 3.0.7
Devellion Cubecart 3.0.6
Devellion Cubecart 3.0.11
Devellion Cubecart 3.0.4
Devellion Cubecart 3.0.7-pl1
1 EDB exploit
NA
CVE-2006-0922
CubeCart 3.0 up to and including 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote malicio...
Devellion Cubecart 3.0.0 Final
Devellion Cubecart 3.0.0 Beta
Devellion Cubecart 3.0.1
Devellion Cubecart 3.0.3
Devellion Cubecart 3.0.0 Alpha
Devellion Cubecart 3.0.6
Devellion Cubecart 3.0.2
Devellion Cubecart 3.0.0 Alpha-2
Devellion Cubecart 3.0.4
Devellion Cubecart 3.0.0 Alpha-rgf
Devellion Cubecart 3.0.5
1 EDB exploit
NA
CVE-2006-0245
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote malicious users to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action ...
Devellion Cubecart 3.0.7-pl1
NA
CVE-2006-0064
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote malicious users to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
Devellion Cubecart
1 EDB exploit
NA
CVE-2005-3152
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote malicious users to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) a...
Devellion Cubecart 3.0.3
Devellion Cubecart 3.0.7-pl1
2 EDB exploits
NA
CVE-2005-1033
CubeCart 2.0.6 allows remote malicious users to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_pr...
Devellion Cubecart 2.0.6
4 EDB exploits
NA
CVE-2005-0606
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 up to and including 2.0.5, as used in multiple PHP files, allows remote malicious users to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session...
Devellion Cubecart 2.0.3
Devellion Cubecart 2.0.1
Devellion Cubecart 2.0.2
Devellion Cubecart 2.0.5
Devellion Cubecart 2.0.0
1 EDB exploit
NA
CVE-2005-0442
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote malicious users to read arbitrary files via the language parameter.
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.1
1 EDB exploit
NA
CVE-2005-0443
index.php in CubeCart 2.0.4 allows remote malicious users to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
Devellion Cubecart 2.0.4
Devellion Cubecart 2.0.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »