Vulnerabilities > Cubecart
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-38130 | Cross-Site Request Forgery (CSRF) vulnerability in Cubecart Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | 8.1 |
| 2023-11-17 | CVE-2023-42428 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. | 6.5 |
| 2023-11-17 | CVE-2023-47283 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | 4.9 |
| 2023-11-17 | CVE-2023-47675 | OS Command Injection vulnerability in Cubecart CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 7.2 |
| 2021-05-27 | CVE-2021-33394 | Session Fixation vulnerability in Cubecart 6.4.2 Cubecart 6.4.2 allows Session Fixation. | 5.5 |
| 2019-01-15 | CVE-2018-20716 | SQL Injection vulnerability in Cubecart CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | 7.5 |
| 2019-01-13 | CVE-2018-20703 | Cross-site Scripting vulnerability in Cubecart 6.2.2 CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | 3.5 |
| 2017-04-28 | CVE-2017-2117 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | 4.0 |
| 2017-04-28 | CVE-2017-2098 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 4.0 |
| 2017-04-28 | CVE-2017-2090 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 4.0 |