) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cubecart:cubecart:4.3.4:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-47675 |
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Published: November 17, 2023; 12:15:12 AM -0500 |
V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2023-47283 |
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. Published: November 17, 2023; 12:15:12 AM -0500 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
| CVE-2023-42428 |
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. Published: November 17, 2023; 12:15:12 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2023-38130 |
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. Published: November 17, 2023; 12:15:12 AM -0500 |
V3.1: 8.1 HIGH V2.0:(not available) |
| CVE-2018-20716 |
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. Published: January 15, 2019; 11:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2017-2117 |
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. Published: April 28, 2017; 12:59:01 PM -0400 |
V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2017-2098 |
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Published: April 28, 2017; 12:59:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2017-2090 |
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Published: April 28, 2017; 12:59:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2014-2341 |
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Published: April 22, 2014; 9:06:29 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2010-1931 |
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php. Published: June 09, 2010; 8:30:07 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2009-4060 |
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. Published: November 23, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2009-3904 |
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header. Published: November 06, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |