15 matches found
EUVD-2005-0608
Malware in sbrugna...
EUVD-2009-4031
Malware in sbrugna...
CVE-2011-3724
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files...
CVE-2023-47675
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command...
CVE-2018-20716
CubeCart before 6.1.13 has SQL Injection via the validate parameter of the "I forgot my Password!" feature...
CVE-2018-20703
CubeCart 6.2.2 has Reflected XSS via a /ADMIN-FILE/ query string...
Directory traversal
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors...
Directory traversal
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors...
CubeCart 3.x - Remote File Upload Vulnerability
No description provided by source...
CVE-2010-4903
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter...
CubeCart 2.0.7 Multiple Vulnerabilities
Exploit for php platform in category web applications...
Brooky CubeCart < 3.0.7 connector.php Arbitrary File Upload
Binary data 3446.prm...
Brooky CubeCart < 3.0.4 Multiple XSS
Binary data 3244.prm...
CubeCart 3.0.3 - 'cart.php?redir' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14962/info CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code execut...
CVE-2005-0443
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message...