IDCVSSSummaryLast (major) updatePublished
CVE-2012-0865 5.8
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php
11-01-2018 - 02:29 21-02-2012 - 13:31
CVE-2009-4060 7.5
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.
17-08-2017 - 01:31 24-11-2009 - 02:30
CVE-2014-2341 6.8
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
29-08-2017 - 01:34 22-04-2014 - 13:06
CVE-2017-2098 4.0
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
05-05-2017 - 12:47 28-04-2017 - 16:59
CVE-2017-2090 4.0
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
05-05-2017 - 13:13 28-04-2017 - 16:59
CVE-2017-2117 4.0
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
05-05-2017 - 13:23 28-04-2017 - 16:59
CVE-2018-20716 7.5
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
23-01-2019 - 16:34 15-01-2019 - 16:29
Back to Top Mark selected
Back to Top