Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the...
CVSS 8.1, AI Score 7.7, EPSS 0.001
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS...
CVSS 7.2, AI Score 7.6, EPSS 0.001
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the...
CVSS 4.9, AI Score 7, EPSS 0.001
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the...
CVSS 6.5, AI Score 7.1, EPSS 0.001
CubeCart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it into a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker...
CVSS 5.4, AI Score 5.4, EPSS 0.001
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!"...
CVSS 9.8, AI Score 8.9, EPSS 0.002
CVSS 5.4, AI Score 6.1, EPSS 0.001
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified...
CVSS 4.9, AI Score 5, EPSS 0.001
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified...
CVSS 6.5, AI Score 6.1, EPSS 0.001