Vulnerabilities > Cubecart > Cubecart > 5.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-38130 | Cross-Site Request Forgery (CSRF) vulnerability in Cubecart Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | 8.1 |
| 2023-11-17 | CVE-2023-42428 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. | 6.5 |
| 2023-11-17 | CVE-2023-47283 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | 4.9 |
| 2023-11-17 | CVE-2023-47675 | OS Command Injection vulnerability in Cubecart CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 7.2 |
| 2013-02-08 | CVE-2013-1465 | Deserialization of Untrusted Data vulnerability in Cubecart The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object. | 9.8 |