Vulnerabilities > Devellion > Cubecart > High

DATE CVE VULNERABILITY TITLE RISK
2007-05-24 CVE-2007-2862 SQL Injection vulnerability in Devellion Cubecart 3.0.16
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.
network
low complexity
devellion
7.5
2006-10-03 CVE-2006-5107 Input Validation vulnerability in CubeCart
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.
network
low complexity
devellion
7.5
2006-09-01 CVE-2006-4526 Multiple Security vulnerability in CubeCart
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter.
network
low complexity
devellion
7.5
2006-08-21 CVE-2006-4267 Input Validation vulnerability in CubeCart
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
network
low complexity
devellion
7.5
2006-01-03 CVE-2006-0064 Code Injection vulnerability in Devellion Cubecart
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
network
low complexity
devellion CWE-94
7.5
2004-12-31 CVE-2004-1580 SQL Injection vulnerability in Devellion Cubecart 2.0.1
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
network
low complexity
devellion
7.5