14 matches found
CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...
CVE-2026-45714
CubeCart prior to version 6.7.0 is affected by an Authenticated Server-Side Template Injection (SSTI) in multiple modules (Email Templates, Invoices, Documents, Contact Forms). The issue arises from unsafely evaluating user-supplied input with the Smarty template engine without enabling Smarty Se...
CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...
CVE-2026-44377
CVE-2026-44377 affects CubeCart before version 6.7.0. It describes an authenticated SSTI in multiple modules (including Email Templates and Documents) where user-supplied input is unsafely evaluated by the Smarty template engine. An authenticated administrator can bypass restrictions and invoke n...
CVE-2026-44377 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...
CVE-2026-44377 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...
The vulnerability in PHP Smarty template handlers relates to improper code generation during the processing of invalid function names, allowing attackers to execute arbitrary code.
The vulnerability in PHP Smarty templates relates to improper handling of code generation when processing invalid function names. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
SQL Injection Vulnerability in UQCMS Cloud Business System (CNVD-2020-26524)
The UQCMS cloud business system is B2B2C e-commerce software written in PHP + MySQL; it uses Smarty templates and separates the front end from the back end. UQCMS Cloud Business System has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information...
SQL injection vulnerability in the front-end me***.cl***.php page of UQCMS cloud business system
The UQCMS cloud business system is B2B2C e-commerce software written in PHP + MySQL; it uses Smarty templates and separates the front end from the back end. A SQL injection vulnerability exists in the front-end me.cl.php page of UQCMS Cloud Business System. An attacker can exploit the...
Sillaj time tracking tool Authentication Bypass
No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j...
Bitweaver CMS 2.8.1 Cross Site Scripting
Sillaj Time Tracking Tool SQL Injection
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz: Topsecure.net, inj3ct...
Sillaj time tracking tool - Authentication Bypass
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz: Topsecure.net, inj3ct...
Sillaj time tracking tool - Authentication Bypass
Sillaj time tracking tool - Authentication Bypass Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai...