CVE-2005-1033 - Unspecified vulnerability in Devellion Cubecart 2.0.6
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | CubeCart 2.0.x view_cart.php add Variable Path Disclosure. CVE-2005-1033. Webapps exploit for php platform |
id | EDB-ID:25357 |
last seen | 2016-02-03 |
modified | 2005-04-06 |
published | 2005-04-06 |
reporter | John Cobb |
source | https://www.exploit-db.com/download/25357/ |
title | CubeCart 2.0.x view_cart.php add Variable Path Disclosure |

description | CubeCart 2.0.x index.php Multiple Variable Path Disclosure. CVE-2005-1033. Webapps exploit for php platform |
id | EDB-ID:25355 |
last seen | 2016-02-03 |
modified | 2005-04-06 |
published | 2005-04-06 |
reporter | John Cobb |
source | https://www.exploit-db.com/download/25355/ |
title | CubeCart 2.0.x index.php Multiple Variable Path Disclosure |

description | CubeCart 2.0.x tellafriend.php product Variable Path Disclosure. CVE-2005-1033. Webapps exploit for php platform |
id | EDB-ID:25356 |
last seen | 2016-02-03 |
modified | 2005-04-06 |
published | 2005-04-06 |
reporter | John Cobb |
source | https://www.exploit-db.com/download/25356/ |
title | CubeCart 2.0.x tellafriend.php product Variable Path Disclosure |

description | CubeCart 2.0.x view_product.php product Variable Path Disclosure. CVE-2005-1033. Webapps exploit for php platform |
id | EDB-ID:25358 |
last seen | 2016-02-03 |
modified | 2005-04-06 |
published | 2005-04-06 |
reporter | John Cobb |
source | https://www.exploit-db.com/download/25358/ |
title | CubeCart 2.0.x view_product.php product Variable Path Disclosure |
Nessus
NASL family | CGI abuses |
NASL id | CUBECART_SQL_INJECTION2.NASL |
description | The installed version of CubeCart on the remote host suffers from multiple SQL injection vulnerabilities due to its failure to sanitize user input via the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17999 |
published | 2005-04-08 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17999 |
title | CubeCart <= 2.0.6 Multiple SQL Injections |