Vulnerabilities > Devellion > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-05-24 | CVE-2007-2862 | SQL Injection vulnerability in Devellion Cubecart 3.0.16 Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. | 7.5 |
| 2006-10-03 | CVE-2006-5107 | Input Validation vulnerability in CubeCart Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php. | 7.5 |
| 2006-09-01 | CVE-2006-4526 | Multiple Security vulnerability in CubeCart SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. | 7.5 |
| 2006-08-21 | CVE-2006-4267 | Input Validation vulnerability in CubeCart Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. | 7.5 |
| 2006-01-03 | CVE-2006-0064 | Code Injection vulnerability in Devellion Cubecart PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1580 | SQL Injection vulnerability in Devellion Cubecart 2.0.1 SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |