ID CVE-2007-2862
Summary Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.
References
Vulnerable Configurations
  • cpe:2.3:a:devellion:cubecart:3.0.16:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 24100
bugtraq 20070521 RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability
osvdb 38100
sreason 2730
xf cubecart-unspecified-sql-injection(34460)
Last major update 16-10-2018 - 16:45
Published 24-05-2007 - 19:30
Last modified 16-10-2018 - 16:45