CVE-2010-4903
- EPSS 0.46%
- Veröffentlicht 08.10.2011 10:55:06
- Zuletzt bearbeitet 11.04.2025 00:51:21
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.
- EPSS 0.28%
- Veröffentlicht 23.09.2011 23:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
CVE-2010-1931
- EPSS 1.72%
- Veröffentlicht 10.06.2010 00:30:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
CVE-2009-4060
- EPSS 0.23%
- Veröffentlicht 24.11.2009 02:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.
CVE-2009-3904
- EPSS 5.18%
- Veröffentlicht 06.11.2009 15:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) ses...
CVE-2008-1550
- EPSS 0.29%
- Veröffentlicht 31.03.2008 17:44:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.