Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2006-0922

Published: 28/02/2006 Updated: 18/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Devellion

Vulnerability Summary

CubeCart 3.0 up to and including 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote malicious users to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.

Vulnerable Product Search on Vulmon Subscribe to Product

devellion cubecart 3.0.0_final

devellion cubecart 3.0.1

devellion cubecart 3.0.0_alpha-rgf

devellion cubecart 3.0.0_beta

devellion cubecart 3.0.6

devellion cubecart 3.0.2

devellion cubecart 3.0.3

devellion cubecart 3.0.0_alpha

devellion cubecart 3.0.0_alpha-2

devellion cubecart 3.0.4

devellion cubecart 3.0.5

Exploits

Exploit DB: CubeCart 3.0.x - Arbitrary File Upload
source: wwwsecurityfocuscom/bid/16796/info CubeCart is prone to an arbitrary file-upload vulnerability An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process This may facilitate unauthorized access or privilege escalation; other attacks are also possible <form ac ...

References

NVD-CWE-Otherhttp://www.cubecart.com/site/forums/index.php?showtopic=14817http://www.cubecart.com/site/forums/index.php?showtopic=14825http://www.cubecart.com/site/forums/index.php?showtopic=14960http://www.cubecart.com/site/forums/index.php?showtopic=14972http://www.nsag.ru/vuln/892.htmlhttp://www.cubecart.com/site/forums/index.php?showtopic=14704http://www.securityfocus.com/bid/16796http://securityreason.com/securityalert/482https://exchange.xforce.ibmcloud.com/vulnerabilities/24883http://www.securityfocus.com/archive/1/425931/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/27304/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionCVE-2024-34909CVE-2024-3317SSTICVE-2024-3400CVE-2024-30051wirelessCVE-2024-4622CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook