CVE-2006-5108 - Input Validation vulnerability in CubeCart

CVSS 6.8 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL
network
devellion
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php.

Exploit-Db

  • description: CubeCart 3.0.x view_order.php order_id Parameter XSS. CVE-2006-5108. Webapps exploit for php platform
    id: EDB-ID:28700
    last seen: 2016-02-03
    modified: 2006-09-26
    published: 2006-09-26
    reporter: HACKERS PAL
    source: https://www.exploit-db.com/download/28700/
    title: CubeCart 3.0.x view_order.php order_id Parameter XSS
  • description: CubeCart 3.0.x /footer.inc.php la_pow_by Parameter XSS. CVE-2006-5108. Webapps exploit for php platform
    id: EDB-ID:28704
    last seen: 2016-02-03
    modified: 2006-09-26
    published: 2006-09-26
    reporter: HACKERS PAL
    source: https://www.exploit-db.com/download/28704/
    title: CubeCart 3.0.x /footer.inc.php la_pow_by Parameter XSS
  • description: CubeCart 3.0.x /admin/header.inc.php Multiple Parameter XSS. CVE-2006-5108. Webapps exploit for php platform
    id: EDB-ID:28703
    last seen: 2016-02-03
    modified: 2006-09-26
    published: 2006-09-26
    reporter: HACKERS PAL
    source: https://www.exploit-db.com/download/28703/
    title: CubeCart 3.0.x /admin/header.inc.php Multiple Parameter XSS
  • description: CubeCart 3.0.x /admin/nav.php Multiple Parameter XSS. CVE-2006-5108. Webapps exploit for php platform
    id: EDB-ID:28701
    last seen: 2016-02-03
    modified: 2006-09-26
    published: 2006-09-26
    reporter: HACKERS PAL
    source: https://www.exploit-db.com/download/28701/
    title: CubeCart 3.0.x /admin/nav.php Multiple Parameter XSS
  • description: CubeCart 3.0.x /admin/print_order.php order_id Parameter XSS. CVE-2006-5108. Webapps exploit for php platform
    id: EDB-ID:28699
    last seen: 2016-02-03
    modified: 2006-09-26
    published: 2006-09-26
    reporter: HACKERS PAL
    source: https://www.exploit-db.com/download/28699/
    title: CubeCart 3.0.x /admin/print_order.php order_id Parameter XSS
  • description: CubeCart 3.0.x /admin/image.php image Parameter XSS. CVE-2006-5108. Webapps exploit for php platform
    id: EDB-ID:28702
    last seen: 2016-02-03
    modified: 2006-09-26
    published: 2006-09-26
    reporter: HACKERS PAL
    source: https://www.exploit-db.com/download/28702/
    title: CubeCart 3.0.x /admin/image.php image Parameter XSS