2 matches found
CubeCart 3.x Shell Upload
============================================================================== » CubeCart v 3.x Remote File Upload Vulnerability ============================================================================== » Title : CubeCart v 3.x Remote Shell Upload Vulnerability » Script : CubeCart v3.x »...
CVE-2006-0922
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php aka upload.php that allows remote attackers to upload arbitrary files vi...