Vulnerabilities > Cubecart

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-34832 Path Traversal vulnerability in Cubecart
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
network
low complexity
cubecart CWE-22
critical
9.8
2023-11-17 CVE-2023-38130 Cross-Site Request Forgery (CSRF) vulnerability in Cubecart
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
network
low complexity
cubecart CWE-352
8.1
2023-11-17 CVE-2023-42428 Path Traversal vulnerability in Cubecart
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
network
low complexity
cubecart CWE-22
6.5
2023-11-17 CVE-2023-47283 Path Traversal vulnerability in Cubecart
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
network
low complexity
cubecart CWE-22
4.9
2023-11-17 CVE-2023-47675 OS Command Injection vulnerability in Cubecart
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
network
low complexity
cubecart CWE-78
7.2
2021-05-27 CVE-2021-33394 Session Fixation vulnerability in Cubecart 6.4.2
Cubecart 6.4.2 allows Session Fixation.
network
low complexity
cubecart CWE-384
5.4
2019-01-15 CVE-2018-20716 SQL Injection vulnerability in Cubecart
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
network
low complexity
cubecart CWE-89
critical
9.8
2019-01-13 CVE-2018-20703 Cross-site Scripting vulnerability in Cubecart 6.2.2
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
network
low complexity
cubecart CWE-79
5.4
2017-04-28 CVE-2017-2117 Path Traversal vulnerability in Cubecart
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
network
low complexity
cubecart CWE-22
4.9
2017-04-28 CVE-2017-2098 Path Traversal vulnerability in Cubecart
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
network
low complexity
cubecart CWE-22
6.5