Vulnerabilities > Devellion > Cubecart > 3.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-21 | CVE-2006-4268 | Input Validation vulnerability in CubeCart. Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. | 6.8 |
2006-08-21 | CVE-2006-4267 | Input Validation vulnerability in CubeCart. Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. | 7.5 |
2006-02-28 | CVE-2006-0922 | Unspecified vulnerability in Devellion Cubecart. CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php. | 5.0 |