Vulnerabilities > Devellion > Cubecart > 3.0.0.alpha
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-28 | CVE-2006-0922 | Unspecified vulnerability in Devellion Cubecart CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php. | 5.0 |