2 matches found
CVE-2025-59413
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the forceunsubscribe parameter in the POST request to 1, an attacker can...
PT-2025-38745
Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.5.11 Description A flaw exists in the newsletter subscription functionality that permits unauthorized user unsubscription. An attacker can manipulate the force unsubscribe parameter in a POST request to the...