Cubecart Security Vulnerabilities

Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
CVSS Score: 9.8 | EPSS Score: 0.06 | Published: 2024-06-06

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
CVSS Score: 8.0 | EPSS Score: 0.001 | Published: 2024-04-29

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2023-11-17

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
CVSS Score: 6.5 | EPSS Score: 0.013 | Published: 2023-11-17

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2023-11-17

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
CVSS Score: 7.2 | EPSS Score: 0.006 | Published: 2023-11-17

Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2021-05-27

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-01-15

CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-01-13

Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
CVSS Score: 4.9 | EPSS Score: 0.017 | Published: 2017-04-28

