Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    22 vulnerabilities by CubeCart Limited

    CVE-2026-35496 (GCVE-0-2026-35496)

    Vulnerability from nvd – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:18
    VLAI
    Summary
    A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T12:18:24.559535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T12:18:33.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T04:33:49.813Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN78422311/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-35496",
        "datePublished": "2026-04-17T04:33:49.813Z",
        "dateReserved": "2026-04-13T02:53:41.252Z",
        "dateUpdated": "2026-04-17T12:18:33.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34018 (GCVE-0-2026-34018)

    Vulnerability from nvd – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:20
    VLAI
    Summary
    An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T12:20:02.943694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T12:20:12.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T04:33:35.768Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN78422311/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-34018",
        "datePublished": "2026-04-17T04:33:35.768Z",
        "dateReserved": "2026-04-13T02:53:40.276Z",
        "dateUpdated": "2026-04-17T12:20:12.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21719 (GCVE-0-2026-21719)

    Vulnerability from nvd – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:21
    VLAI
    Summary
    An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21719",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T12:21:40.939591Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T12:21:48.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T04:33:17.708Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN78422311/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-21719",
        "datePublished": "2026-04-17T04:33:17.708Z",
        "dateReserved": "2026-04-13T02:53:42.375Z",
        "dateUpdated": "2026-04-17T12:21:48.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-47675 (GCVE-0-2023-47675)

    Vulnerability from nvd – Published: 2023-11-17 04:37 – Updated: 2024-08-02 21:16
    VLAI
    Summary
    CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
    Severity
    No CVSS data available.
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:16:42.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN22220399/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-17T04:37:54.033Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22220399/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47675",
        "datePublished": "2023-11-17T04:37:54.033Z",
        "dateReserved": "2023-11-13T02:58:59.752Z",
        "dateUpdated": "2024-08-02T21:16:42.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47283 (GCVE-0-2023-47283)

    Vulnerability from nvd – Published: 2023-11-17 04:37 – Updated: 2024-08-02 21:09
    VLAI
    Summary
    Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:36.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN22220399/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-17T04:37:37.783Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22220399/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47283",
        "datePublished": "2023-11-17T04:37:37.783Z",
        "dateReserved": "2023-11-13T02:59:03.879Z",
        "dateUpdated": "2024-08-02T21:09:36.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42428 (GCVE-0-2023-42428)

    Vulnerability from nvd – Published: 2023-11-17 04:37 – Updated: 2024-08-02 19:16
    VLAI
    Summary
    Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:16:51.154Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN22220399/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-17T04:37:21.879Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22220399/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-42428",
        "datePublished": "2023-11-17T04:37:21.879Z",
        "dateReserved": "2023-11-13T02:59:01.085Z",
        "dateUpdated": "2024-08-02T19:16:51.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38130 (GCVE-0-2023-38130)

    Vulnerability from nvd – Published: 2023-11-17 04:37 – Updated: 2025-01-06 17:26
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:30:14.063Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN22220399/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-17T15:15:09.827678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:26:05.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-17T04:37:02.535Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22220399/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38130",
        "datePublished": "2023-11-17T04:37:02.535Z",
        "dateReserved": "2023-11-13T02:59:04.704Z",
        "dateUpdated": "2025-01-06T17:26:05.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2117 (GCVE-0-2017-2117)

    Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96466 vdb-entryx_refsource_BID
    https://forums.cubecart.com/topic/52188-cubecart-… x_refsource_MISC
    http://jvn.jp/en/jp/JVN63474730/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: versions prior to 6.1.5
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.406Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96466",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96466"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
              },
              {
                "name": "JVN#63474730",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN63474730/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 6.1.5"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "96466",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96466"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
            },
            {
              "name": "JVN#63474730",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN63474730/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2117",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CubeCart",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 6.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CubeCart Limited"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96466",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96466"
                },
                {
                  "name": "https://forums.cubecart.com/topic/52188-cubecart-615-released/",
                  "refsource": "MISC",
                  "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
                },
                {
                  "name": "JVN#63474730",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN63474730/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2117",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.406Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2098 (GCVE-0-2017-2098)

    Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    https://forums.cubecart.com/topic/52088-cubecart-… x_refsource_MISC
    http://jvn.jp/en/jp/JVN81618356/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/95866 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: versions prior to 6.1.4
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.329Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
              },
              {
                "name": "JVN#81618356",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN81618356/index.html"
              },
              {
                "name": "95866",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95866"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 6.1.4"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
            },
            {
              "name": "JVN#81618356",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN81618356/index.html"
            },
            {
              "name": "95866",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95866"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2098",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CubeCart",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 6.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CubeCart Limited"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://forums.cubecart.com/topic/52088-cubecart-614-released/",
                  "refsource": "MISC",
                  "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
                },
                {
                  "name": "JVN#81618356",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN81618356/index.html"
                },
                {
                  "name": "95866",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95866"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2098",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-35496 (GCVE-0-2026-35496)

    Vulnerability from cvelistv5 – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:18
    VLAI
    Summary
    A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T12:18:24.559535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T12:18:33.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T04:33:49.813Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN78422311/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-35496",
        "datePublished": "2026-04-17T04:33:49.813Z",
        "dateReserved": "2026-04-13T02:53:41.252Z",
        "dateUpdated": "2026-04-17T12:18:33.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34018 (GCVE-0-2026-34018)

    Vulnerability from cvelistv5 – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:20
    VLAI
    Summary
    An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T12:20:02.943694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T12:20:12.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T04:33:35.768Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN78422311/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-34018",
        "datePublished": "2026-04-17T04:33:35.768Z",
        "dateReserved": "2026-04-13T02:53:40.276Z",
        "dateUpdated": "2026-04-17T12:20:12.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21719 (GCVE-0-2026-21719)

    Vulnerability from cvelistv5 – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:21
    VLAI
    Summary
    An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.6.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21719",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T12:21:40.939591Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T12:21:48.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T04:33:17.708Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN78422311/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-21719",
        "datePublished": "2026-04-17T04:33:17.708Z",
        "dateReserved": "2026-04-13T02:53:42.375Z",
        "dateUpdated": "2026-04-17T12:21:48.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-47675 (GCVE-0-2023-47675)

    Vulnerability from cvelistv5 – Published: 2023-11-17 04:37 – Updated: 2024-08-02 21:16
    VLAI
    Summary
    CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
    Severity
    No CVSS data available.
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:16:42.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN22220399/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-17T04:37:54.033Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22220399/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47675",
        "datePublished": "2023-11-17T04:37:54.033Z",
        "dateReserved": "2023-11-13T02:58:59.752Z",
        "dateUpdated": "2024-08-02T21:16:42.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47283 (GCVE-0-2023-47283)

    Vulnerability from cvelistv5 – Published: 2023-11-17 04:37 – Updated: 2024-08-02 21:09
    VLAI
    Summary
    Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:09:36.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN22220399/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-17T04:37:37.783Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22220399/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-47283",
        "datePublished": "2023-11-17T04:37:37.783Z",
        "dateReserved": "2023-11-13T02:59:03.879Z",
        "dateUpdated": "2024-08-02T21:09:36.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42428 (GCVE-0-2023-42428)

    Vulnerability from cvelistv5 – Published: 2023-11-17 04:37 – Updated: 2024-08-02 19:16
    VLAI
    Summary
    Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:16:51.154Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN22220399/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-17T04:37:21.879Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22220399/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-42428",
        "datePublished": "2023-11-17T04:37:21.879Z",
        "dateReserved": "2023-11-13T02:59:01.085Z",
        "dateUpdated": "2024-08-02T19:16:51.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38130 (GCVE-0-2023-38130)

    Vulnerability from cvelistv5 – Published: 2023-11-17 04:37 – Updated: 2025-01-06 17:26
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: prior to 6.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:30:14.063Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN22220399/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38130",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-17T15:15:09.827678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T17:26:05.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-17T04:37:02.535Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22220399/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38130",
        "datePublished": "2023-11-17T04:37:02.535Z",
        "dateReserved": "2023-11-13T02:59:04.704Z",
        "dateUpdated": "2025-01-06T17:26:05.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2117 (GCVE-0-2017-2117)

    Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96466 vdb-entryx_refsource_BID
    https://forums.cubecart.com/topic/52188-cubecart-… x_refsource_MISC
    http://jvn.jp/en/jp/JVN63474730/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: versions prior to 6.1.5
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.406Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96466",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96466"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
              },
              {
                "name": "JVN#63474730",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN63474730/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 6.1.5"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "96466",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96466"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
            },
            {
              "name": "JVN#63474730",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN63474730/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2117",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CubeCart",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 6.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CubeCart Limited"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96466",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96466"
                },
                {
                  "name": "https://forums.cubecart.com/topic/52188-cubecart-615-released/",
                  "refsource": "MISC",
                  "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
                },
                {
                  "name": "JVN#63474730",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN63474730/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2117",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.406Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2098 (GCVE-0-2017-2098)

    Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    https://forums.cubecart.com/topic/52088-cubecart-… x_refsource_MISC
    http://jvn.jp/en/jp/JVN81618356/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/95866 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    CubeCart Limited CubeCart Affected: versions prior to 6.1.4
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.329Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
              },
              {
                "name": "JVN#81618356",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN81618356/index.html"
              },
              {
                "name": "95866",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95866"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CubeCart",
              "vendor": "CubeCart Limited",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 6.1.4"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
            },
            {
              "name": "JVN#81618356",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN81618356/index.html"
            },
            {
              "name": "95866",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95866"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2098",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CubeCart",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 6.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CubeCart Limited"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://forums.cubecart.com/topic/52088-cubecart-614-released/",
                  "refsource": "MISC",
                  "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
                },
                {
                  "name": "JVN#81618356",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN81618356/index.html"
                },
                {
                  "name": "95866",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95866"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2098",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2026-000057

    Vulnerability from jvndb - Published: 2026-04-17 13:32 - Updated:2026-04-17 13:32
    Severity
    Summary
    Multiple vulnerabilities in CubeCart
    Details
    CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below.
    • OS command injection (CWE-78) - CVE-2026-21719
    • SQL injection (CWE-89) - CVE-2026-34018
    • Path traversal (CWE-22) - CVE-2026-35496
    Gen Sato of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to the developer first, and to IPA later. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000057.html",
      "dc:date": "2026-04-17T13:32+09:00",
      "dcterms:issued": "2026-04-17T13:32+09:00",
      "dcterms:modified": "2026-04-17T13:32+09:00",
      "description": "CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/89.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/22.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-21719\u003c/li\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2026-34018\u003c/li\u003e\u003cli\u003ePath traversal (CWE-22) - CVE-2026-35496\u003c/li\u003e\u003c/ul\u003eGen Sato of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to the developer first, and to IPA later. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000057.html",
      "sec:cpe": {
        "#text": "cpe:/a:cubecart:cubecart",
        "@product": "CubeCart",
        "@vendor": "CubeCart Limited",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.2",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000057",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN78422311/index.html",
          "@id": "JVN#78422311",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-21719",
          "@id": "CVE-2026-21719",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-34018",
          "@id": "CVE-2026-34018",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-35496",
          "@id": "CVE-2026-35496",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-89",
          "@title": "SQL Injection(CWE-89)"
        }
      ],
      "title": "Multiple vulnerabilities in CubeCart"
    }

    JVNDB-2023-000118

    Vulnerability from jvndb - Published: 2023-11-17 14:22 - Updated:2024-04-30 18:15
    Severity
    Summary
    Multiple vulnerabilities in CubeCart
    Details
    CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below.
    • Cross-site request forgery (CWE-352) - CVE-2023-38130
    • Directory traversal (CWE-22) - CVE-2023-42428
    • Directory traversal (CWE-22) - CVE-2023-47283
    • OS command injection (CWE-78) - CVE-2023-47675
    Gen Sato of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to the developer first, and to IPA later. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000118.html",
      "dc:date": "2024-04-30T18:15+09:00",
      "dcterms:issued": "2023-11-17T14:22+09:00",
      "dcterms:modified": "2024-04-30T18:15+09:00",
      "description": "CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2023-38130\u003c/li\u003e\u003cli\u003eDirectory traversal (CWE-22) - CVE-2023-42428\u003c/li\u003e\u003cli\u003eDirectory traversal (CWE-22) - CVE-2023-47283\u003c/li\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2023-47675\u003c/li\u003e\u003c/ul\u003e\r\nGen Sato of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to the developer first, and to IPA later.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000118.html",
      "sec:cpe": {
        "#text": "cpe:/a:cubecart:cubecart",
        "@product": "CubeCart",
        "@vendor": "CubeCart Limited",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.5",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "9.1",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000118",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN22220399/index.html",
          "@id": "JVN#22220399",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38130",
          "@id": "CVE-2023-38130",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-42428",
          "@id": "CVE-2023-42428",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47283",
          "@id": "CVE-2023-47283",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47675",
          "@id": "CVE-2023-47675",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38130",
          "@id": "CVE-2023-38130",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-42428",
          "@id": "CVE-2023-42428",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47283",
          "@id": "CVE-2023-47283",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47675",
          "@id": "CVE-2023-47675",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple vulnerabilities in CubeCart"
    }

    JVNDB-2017-000038

    Vulnerability from jvndb - Published: 2017-02-28 14:13 - Updated:2017-06-01 12:18
    Severity
    Summary
    CubeCart vulnerable to directory traversal
    Details
    CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability (CWE-22). ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000038.html",
      "dc:date": "2017-06-01T12:18+09:00",
      "dcterms:issued": "2017-02-28T14:13+09:00",
      "dcterms:modified": "2017-06-01T12:18+09:00",
      "description": "CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability (CWE-22).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000038.html",
      "sec:cpe": {
        "#text": "cpe:/a:cubecart:cubecart",
        "@product": "CubeCart",
        "@vendor": "CubeCart Limited",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000038",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN63474730/index.html",
          "@id": "JVN#63474730",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2117",
          "@id": "CVE-2017-2117",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2117",
          "@id": "CVE-2017-2117",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "CubeCart vulnerable to directory traversal"
    }

    JVNDB-2017-000014

    Vulnerability from jvndb - Published: 2017-01-27 13:49 - Updated:2017-06-01 11:30
    Severity
    Summary
    CubeCart vulnerable to directory traversal
    Details
    CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability (CWE-22). ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000014.html",
      "dc:date": "2017-06-01T11:30+09:00",
      "dcterms:issued": "2017-01-27T13:49+09:00",
      "dcterms:modified": "2017-06-01T11:30+09:00",
      "description": "CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability (CWE-22).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000014.html",
      "sec:cpe": {
        "#text": "cpe:/a:cubecart:cubecart",
        "@product": "CubeCart",
        "@vendor": "CubeCart Limited",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000014",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN81618356/index.html",
          "@id": "JVN#81618356",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2098",
          "@id": "CVE-2017-2098",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2098",
          "@id": "CVE-2017-2098",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "CubeCart vulnerable to directory traversal"
    }