Cubecart: >> Cubecart >> 6.5.11 Security Vulnerabilities
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
CVSS Score
8.6
EPSS Score
0.002
Published
2026-04-17
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-17
A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-04-17