Search
Search Results (29 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4060 | 1 Cubecart | 1 Cubecart | 2025-04-09 | N/A |
| SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. | ||||
| CVE-2024-34832 | 1 Cubecart | 1 Cubecart | 2025-02-13 | 9.8 Critical |
| Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. | ||||
| CVE-2023-38130 | 1 Cubecart | 1 Cubecart | 2025-01-06 | 8.1 High |
| Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | ||||
| CVE-2023-47675 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 7.2 High |
| CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | ||||
| CVE-2023-47283 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 4.9 Medium |
| Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | ||||
| CVE-2023-42428 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 6.5 Medium |
| Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. | ||||
| CVE-2021-33394 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 5.4 Medium |
| Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session. | ||||
| CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | ||||
| CVE-2018-20703 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | ||||