CVE-2006-4268 - Input Validation vulnerability in CubeCart
CVSS metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Nessus
NASL family | CGI abuses |
NASL id | CUBECART_3012.NASL |
description | The version of CubeCart installed on the remote host fails to properly sanitize user-supplied input to several parameters and scripts before using it in database queries and to generate dynamic web content. An unauthenticated attacker may be able to exploit these issues to conduct SQL injection and cross-site scripting attacks against the affected application. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22231 |
published | 2006-08-17 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22231 |
title | CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS) |
References
- http://bugs.cubecart.com/?do=details&id=523
- http://retrogod.altervista.org/cubecart_3011_adv.html
- http://secunia.com/advisories/21538
- http://securityreason.com/securityalert/1429
- http://securitytracker.com/id?1016708
- http://www.cubecart.com/site/forums/index.php?showtopic=21247
- http://www.osvdb.org/27987
- http://www.osvdb.org/displayvuln.php?osvdb_id=27986
- http://www.securityfocus.com/archive/1/443476/100/0/threaded
- http://www.securityfocus.com/bid/19563
- http://www.vupen.com/english/advisories/2006/3314
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28429