Cubecart Security Vulnerabilities and Issues — Cubecart CVE List

Lucene search

DevellionCubecart

11 matches found

CVE•added 2006/01/03 10:3 p.m.•71 views

CVE-2006-0064

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.

7.5CVSS7.5AI score0.03818EPSS

CVE•added 2006/09/01 11:4 p.m.•57 views

CVE-2006-4525

Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.

4.3CVSS5.7AI score0.02167EPSS

CVE•added 2006/08/21 9:4 p.m.•47 views

CVE-2006-4267

Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.

7.5CVSS8.5AI score0.01564EPSS

CVE•added 2006/02/28 11:2 a.m.•46 views

CVE-2006-0922

CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files vi...

5CVSS6.8AI score0.0832EPSS

CVE•added 2006/09/01 11:4 p.m.•43 views

CVE-2006-4527

includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.

2.6CVSS6.8AI score0.00465EPSS

CVE•added 2006/09/01 11:4 p.m.•39 views

CVE-2006-4526

SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter.

7.5CVSS8.4AI score0.00596EPSS

CVE•added 2006/10/03 4:3 a.m.•37 views

CVE-2006-5108

Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language p...

6.8CVSS6AI score0.01716EPSS

CVE•added 2006/01/18 2:0 a.m.•35 views

CVE-2006-0245

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the c...

4.3CVSS5.6AI score0.07397EPSS

CVE•added 2006/10/03 4:3 a.m.•35 views

CVE-2006-5107

Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parame...

7.5CVSS8.9AI score0.00286EPSS

CVE•added 2006/10/03 4:3 a.m.•33 views

CVE-2006-5109

Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and ...

5CVSS6.1AI score0.00404EPSS

CVE•added 2006/08/21 9:4 p.m.•31 views

CVE-2006-4268

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.

6.8CVSS5.8AI score0.03931EPSS