CVEDB API

Vulnerabilities

Vulnerable Software

Cubecart: >> Cubecart >> 4.4.3 Security Vulnerabilities

CVE-2018-20716

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.

CVSS Score

9.8

EPSS Score

0.003

Published

2019-01-15

CVE-2017-2117

Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.

CVSS Score

4.9

EPSS Score

0.017

Published

2017-04-28

CVE-2017-2090

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

CVSS Score

6.5

EPSS Score

0.034

Published

2017-04-28

CVE-2017-2098

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

CVSS Score

6.5

EPSS Score

0.015

Published

2017-04-28

CVE-2014-2341

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

CVSS Score

6.8

EPSS Score

0.073

Published

2014-04-22

CVE-2011-3724

CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.

CVSS Score

5.0

EPSS Score

0.003

Published

2011-09-23

Page 2

Vulnerabilities

Vulnerable Software

Cubecart: >> Cubecart >> 4.4.3 Security Vulnerabilities

Products

Pricing

Contact Us