Cubecart@2.0.1 Security Vulnerabilities and Issues — Cubecart@2.0.1 CVE List

Lucene search

DevellionCubecart2.0.1

9 matches found

CVE•added 2005/05/02 4:0 a.m.•45 views

CVE-2005-0607

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) c...

5CVSS6.7AI score0.00404EPSS

CVE•added 2005/05/02 4:0 a.m.•43 views

CVE-2005-0606

Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) pag...

4.3CVSS6AI score0.07955EPSS

CVE•added 2005/05/02 4:0 a.m.•40 views

CVE-2005-0443

index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.

4.3CVSS5.9AI score0.00509EPSS

CVE•added 2005/02/20 5:0 a.m.•37 views

CVE-2004-1580

SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5CVSS8.4AI score0.00824EPSS

CVE•added 2006/10/03 4:3 a.m.•37 views

CVE-2006-5108

Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language p...

6.8CVSS6AI score0.01716EPSS

CVE•added 2006/10/03 4:3 a.m.•35 views

CVE-2006-5107

Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parame...

7.5CVSS8.9AI score0.00286EPSS

CVE•added 2005/02/20 5:0 a.m.•34 views

CVE-2004-1579

index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.

5CVSS7AI score0.00346EPSS

CVE•added 2005/05/02 4:0 a.m.•34 views

CVE-2005-0442

Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.

5CVSS6.8AI score0.08911EPSS

CVE•added 2006/10/03 4:3 a.m.•33 views

CVE-2006-5109

Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and ...

5CVSS6.1AI score0.00404EPSS