Vulnerabilities > Cubecart > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-34832 Path Traversal vulnerability in Cubecart
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
network
low complexity
cubecart CWE-22
critical
 9.8
9.8
2013-02-08 CVE-2013-1465 Deserialization of Untrusted Data vulnerability in Cubecart
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
network
low complexity
cubecart CWE-502
critical
 9.8
9.8