Cubecart: >> Cubecart >> 6.0.4 Security Vulnerabilities
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-01-15
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.017
Published
2017-04-28
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.034
Published
2017-04-28
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.015
Published
2017-04-28
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
CVSS Score
6.8
EPSS Score
0.006
Published
2015-09-28
Page 2