Vulnerabilities > CVE-2005-0443 - Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Brooky CubeCart 2.0.1/2.0.4 ndex.php language Parameter XSS. CVE-2005-0443. Webapps exploit for php platform |
| id | EDB-ID:25097 |
| last seen | 2016-02-03 |
| modified | 2005-02-14 |
| published | 2005-02-14 |
| reporter | John Cobb |
| source | https://www.exploit-db.com/download/25097/ |
| title | Brooky CubeCart 2.0.1/2.0.4 ndex.php language Parameter XSS |
Nessus
| NASL family | CGI abuses |
| NASL id | CUBECART_LANG_XSS.NASL |
| description | The version of CubeCart on the remote host is vulnerable to a local file include issue, along with related cross-site scripting and path disclosure issues, due to a failure to sanitize user-supplied data. Successful exploitation of this issue may allow an attacker to execute arbitrary code on the remote host, to read arbitrary files from it, to inject arbitrary HTML or script code through the affected application and into a user |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17227 |
| published | 2005-02-28 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17227 |
| title | CubeCart < 2.0.5 Multiple Vulnerabilities |