Vulnerabilities > Cubecart

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-05-27 | CVE-2021-33394 | Session Fixation vulnerability in Cubecart 6.4.2 | Cubecart 6.4.2 allows Session Fixation. | network, low complexity, cubecart, CWE-384 | 5.5 |
| 2019-01-15 | CVE-2018-20716 | SQL Injection vulnerability in Cubecart | CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | network, low complexity, cubecart, CWE-89 | 7.5 |
| 2019-01-13 | CVE-2018-20703 | Cross-site Scripting vulnerability in Cubecart 6.2.2 | CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | network, cubecart, CWE-79 | 3.5 |
| 2017-04-28 | CVE-2017-2117 | Path Traversal vulnerability in Cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | network, low complexity, cubecart, CWE-22 | 4.0 |
| 2017-04-28 | CVE-2017-2098 | Path Traversal vulnerability in Cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | network, low complexity, cubecart, CWE-22 | 4.0 |
| 2017-04-28 | CVE-2017-2090 | Path Traversal vulnerability in Cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | network, low complexity, cubecart, CWE-22 | 4.0 |
| 2015-09-28 | CVE-2015-6928 | Improper Access Control vulnerability in Cubecart | classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. | network, cubecart, CWE-284 | 6.8 |
| 2014-04-22 | CVE-2014-2341 | Improper Authentication vulnerability in Cubecart | Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | network, cubecart, CWE-287 | 6.8 |
| 2013-02-08 | CVE-2013-1465 | Improper Input Validation vulnerability in Cubecart | The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object. | network, low complexity, cubecart, CWE-20 | 7.5 |
| 2012-02-21 | CVE-2012-0865 | Improper Input Validation vulnerability in Cubecart | Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php. | network, cubecart, CWE-20 | 5.8 |