Cubecart: >> Cubecart >> 4.4.3 Security Vulnerabilities
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVSS Score
6.8
EPSS Score
0.073
Published
2014-04-22
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-23
Page 2