CubeCart Security Vulnerabilities

CVE-2023-38130

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the...

CVE-2023-47675

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS...

CVE-2023-47283

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the...

CVE-2023-42428

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the...

CVE-2021-33394

Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker...

CVE-2018-20716

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!"...

CVE-2018-20703

CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query...

CVE-2017-2117

Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified...

CVE-2017-2098

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified...