cubecart cubecart vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-20716
CubeCart prior to 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
Cubecart Cubecart
9.8
CVSSv3
CVE-2013-1465
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 up to and including 5.2.0 allows remote malicious users to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config ...
Cubecart Cubecart
1 EDB exploit
8.1
CVSSv3
CVE-2023-38130
Cross-site request forgery (CSRF) vulnerability in CubeCart before 6.5.3 allows a remote unauthenticated malicious user to delete data in the system.
Cubecart Cubecart
7.2
CVSSv3
CVE-2023-47675
CubeCart before 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
Cubecart Cubecart
6.5
CVSSv3
CVE-2023-42428
Directory traversal vulnerability in CubeCart before 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
Cubecart Cubecart
6.5
CVSSv3
CVE-2017-2090
Directory traversal vulnerability in CubeCart versions before 6.1.4 allows remote authenticated malicious users to read arbitrary files via unspecified vectors.
Cubecart Cubecart
6.5
CVSSv3
CVE-2017-2098
Directory traversal vulnerability in CubeCart versions before 6.1.4 allows remote authenticated malicious users to read arbitrary files via unspecified vectors.
Cubecart Cubecart
5.4
CVSSv3
CVE-2021-33394
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving...
Cubecart Cubecart 6.4.2
5.4
CVSSv3
CVE-2018-20703
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
Cubecart Cubecart 6.2.2
4.9
CVSSv3
CVE-2023-47283
Directory traversal vulnerability in CubeCart before 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
Cubecart Cubecart