Cubecart: >> Cubecart >> 3.0.19 Security Vulnerabilities
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVSS Score
6.8
EPSS Score
0.073
Published
2014-04-22
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
CVSS Score
5.8
EPSS Score
0.079
Published
2012-02-21
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-11-24
Page 2