Vulnerabilities > Cubecart > Cubecart > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-42428 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. | 6.5 |
| 2023-11-17 | CVE-2023-47283 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | 4.9 |
| 2021-05-27 | CVE-2021-33394 | Session Fixation vulnerability in Cubecart 6.4.2 Cubecart 6.4.2 allows Session Fixation. | 5.5 |
| 2017-04-28 | CVE-2017-2117 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | 4.0 |
| 2017-04-28 | CVE-2017-2098 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 4.0 |
| 2017-04-28 | CVE-2017-2090 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 4.0 |
| 2015-09-28 | CVE-2015-6928 | Improper Access Control vulnerability in Cubecart classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. | 6.8 |
| 2014-04-22 | CVE-2014-2341 | Improper Authentication vulnerability in Cubecart Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | 6.8 |
| 2012-02-21 | CVE-2012-0865 | Improper Input Validation vulnerability in Cubecart Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php. | 5.8 |
| 2011-09-23 | CVE-2011-3724 | Information Exposure vulnerability in Cubecart 4.4.3 CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files. | 5.0 |