Vulnerabilities > Cubecart > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-38130 | Cross-Site Request Forgery (CSRF) vulnerability in Cubecart Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | 8.1 |
| 2023-11-17 | CVE-2023-47675 | OS Command Injection vulnerability in Cubecart CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 7.2 |
| 2019-01-15 | CVE-2018-20716 | SQL Injection vulnerability in Cubecart CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | 7.5 |
| 2011-10-08 | CVE-2010-4903 | SQL Injection vulnerability in Cubecart 4.3.3 SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | 7.5 |
| 2010-06-10 | CVE-2010-1931 | SQL Injection vulnerability in Cubecart SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php. | 7.5 |
| 2009-11-24 | CVE-2009-4060 | SQL Injection vulnerability in Cubecart SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. | 7.5 |
| 2009-11-06 | CVE-2009-3904 | Permissions, Privileges, and Access Controls vulnerability in Cubecart 4.3.4 classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header. | 7.5 |