Cubecart: >> Cubecart >> 4.0.1 Security Vulnerabilities
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
CVSS Score
6.5
EPSS Score
0.017
Published
2023-11-17
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
CVSS Score
4.9
EPSS Score
0.003
Published
2023-11-17
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
CVSS Score
7.2
EPSS Score
0.006
Published
2023-11-17
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-01-15
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.017
Published
2017-04-28
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.034
Published
2017-04-28
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.015
Published
2017-04-28
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVSS Score
6.8
EPSS Score
0.051
Published
2014-04-22
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-11-24
Page 2