Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cubecart cubecart vulnerabilities and exploits
(subscribe to this query)
440
VMScore
CVE-2005-3152
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote malicious users to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) a...
Devellion Cubecart 3.0.3
Devellion Cubecart 3.0.7-pl1
2 EDB exploits
435
VMScore
CVE-2006-4525
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and previous versions, when register_globals is enabled, allows remote malicious users to inject arbitrary web script or HTML via the links array.
Devellion Cubecart
1 EDB exploit
755
VMScore
CVE-2006-0064
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote malicious users to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
Devellion Cubecart
1 EDB exploit
668
VMScore
CVE-2006-4526
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary SQL commands via the searchArray[] parameter.
Devellion Cubecart
231
VMScore
CVE-2006-4527
includes/content/gateway.inc.php in CubeCart 3.0.12 and previous versions, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote malicious users to conduct PHP remote file inclusion attacks.
Devellion Cubecart 3.0.12
520
VMScore
CVE-2005-1033
CubeCart 2.0.6 allows remote malicious users to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_pr...
Devellion Cubecart 2.0.6
4 EDB exploits
445
VMScore
CVE-2007-2550
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
Devellion Cubecart 3.0.15
668
VMScore
CVE-2007-2862
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote malicious users to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and...
Devellion Cubecart 3.0.16
445
VMScore
CVE-2004-1579
index.php in CubeCart 2.0.1 allows remote malicious users to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.
Devellion Cubecart 2.0.1
755
VMScore
CVE-2004-1580
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote malicious users to execute arbitrary SQL commands via the cat_id parameter.
Devellion Cubecart 2.0.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »