Vulnerabilities > Devellion > Cubecart > 2.0.1

DATE CVE VULNERABILITY TITLE RISK
2006-10-03 CVE-2006-5109 Input Validation vulnerability in CubeCart
Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages.
network
low complexity
devellion
5.0
2006-10-03 CVE-2006-5108 Input Validation vulnerability in CubeCart
Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php.
network
devellion
6.8
2006-10-03 CVE-2006-5107 Input Validation vulnerability in CubeCart
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.
network
low complexity
devellion
7.5
2005-05-02 CVE-2005-0607 Remote Security vulnerability in Cubecart
CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.
network
low complexity
devellion
5.0
2005-05-02 CVE-2005-0606 Cross-Site Scripting vulnerability in CubeCart
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
network
devellion
4.3
2005-05-02 CVE-2005-0443 Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
network
devellion
4.3
2005-05-02 CVE-2005-0442 Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4
Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.
network
low complexity
devellion
5.0
2004-12-31 CVE-2004-1580 SQL Injection vulnerability in Devellion Cubecart 2.0.1
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
network
low complexity
devellion
7.5
2004-12-31 CVE-2004-1579 Information Disclosure vulnerability in Devellion Cubecart 2.0.1
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.
network
low complexity
devellion
5.0