Vulnerabilities > Cubecart

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-06	CVE-2024-34832	Path Traversal vulnerability in Cubecart Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. network low complexity cubecart CWE-22 critical	9.8
2023-11-17	CVE-2023-38130	Cross-Site Request Forgery (CSRF) vulnerability in Cubecart Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. network low complexity cubecart CWE-352	8.1
2023-11-17	CVE-2023-42428	Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. network low complexity cubecart CWE-22	6.5
2023-11-17	CVE-2023-47283	Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. network low complexity cubecart CWE-22	4.9
2023-11-17	CVE-2023-47675	OS Command Injection vulnerability in Cubecart CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. network low complexity cubecart CWE-78	7.2
2021-05-27	CVE-2021-33394	Session Fixation vulnerability in Cubecart 6.4.2 Cubecart 6.4.2 allows Session Fixation. network low complexity cubecart CWE-384	5.5
2019-01-15	CVE-2018-20716	SQL Injection vulnerability in Cubecart CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. network low complexity cubecart CWE-89	7.5
2019-01-13	CVE-2018-20703	Cross-site Scripting vulnerability in Cubecart 6.2.2 CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. network cubecart CWE-79	3.5
2017-04-28	CVE-2017-2117	Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. network low complexity cubecart CWE-22	4.0
2017-04-28	CVE-2017-2098	Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. network low complexity cubecart CWE-22	4.0

Vulnerabilities > Cubecart {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cubecart"}]}

Vulnerabilities > Cubecart