Cubecart

Cubecart

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-6928

Exploit
  • EPSS 2.19%
  • Veröffentlicht 28.09.2015 15:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space c...

6.8

CVE-2014-2341

  • EPSS 5.83%
  • Veröffentlicht 22.04.2014 13:06:29
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

9.8

CVE-2013-1465

Exploit
  • EPSS 7.09%
  • Veröffentlicht 08.02.2013 20:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using...

5.8

CVE-2012-0865

Exploit
  • EPSS 2.96%
  • Veröffentlicht 21.02.2012 13:31:45
  • Zuletzt bearbeitet 16.06.2026 23:38:24

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php...

7.5

CVE-2010-4903

  • EPSS 1.14%
  • Veröffentlicht 08.10.2011 10:55:06
  • Zuletzt bearbeitet 16.06.2026 23:25:45

SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.

5

CVE-2011-3724

Exploit
  • EPSS 1.34%
  • Veröffentlicht 23.09.2011 23:55:02
  • Zuletzt bearbeitet 16.06.2026 23:33:48

CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.

7.5

CVE-2010-1931

Exploit
  • EPSS 1.26%
  • Veröffentlicht 10.06.2010 00:30:07
  • Zuletzt bearbeitet 16.06.2026 23:19:36

SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.

7.5

CVE-2009-4060

  • EPSS 2.24%
  • Veröffentlicht 24.11.2009 02:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:57

SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.

7.5

CVE-2009-3904

Exploit
  • EPSS 8.67%
  • Veröffentlicht 06.11.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:36

classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) ses...

4.3

CVE-2008-1550

  • EPSS 1.03%
  • Veröffentlicht 31.03.2008 17:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:57

Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.