Vulnerabilities > Cubecart > Cubecart > 6.2.4

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-34832 Path Traversal vulnerability in Cubecart
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
network
low complexity
cubecart CWE-22
critical
9.8
2023-11-17 CVE-2023-38130 Cross-Site Request Forgery (CSRF) vulnerability in Cubecart
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
network
low complexity
cubecart CWE-352
8.1
2023-11-17 CVE-2023-42428 Path Traversal vulnerability in Cubecart
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
network
low complexity
cubecart CWE-22
6.5
2023-11-17 CVE-2023-47283 Path Traversal vulnerability in Cubecart
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
network
low complexity
cubecart CWE-22
4.9
2023-11-17 CVE-2023-47675 OS Command Injection vulnerability in Cubecart
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
network
low complexity
cubecart CWE-78
7.2