Vulnerabilities related to cubecart - cubecart
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:22
Severity ?
Summary
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
References
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN22220399/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN22220399/ | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "56262126-6607-4B85-92DB-B257AF49E6EA", "versionEndExcluding": "6.5.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system." }, { "lang": "es", "value": "Vulnerabilidad de Directory Traversal en CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos eliminar directorios y archivos en el sistema." } ], "id": "CVE-2023-42428", "lastModified": "2024-11-21T08:22:30.947", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-17T05:15:12.477", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN22220399/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN22220399/" } ], "sourceIdentifier": 
"vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-10-08 10:55
Modified
2024-11-21 01:22
Severity ?
Summary
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A25D2804-DE46-4DFE-93A8-30A8320F62AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php en CubeCart v4.3.3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro searchStr." } ], "id": "CVE-2010-4903", "lastModified": "2024-11-21T01:22:02.057", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-08T10:55:06.957", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41352" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8441" }, { "source": "cve@mitre.org", "url": "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/513572/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/43114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/41352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/513572/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/43114" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-09-23 23:55
Modified
2024-11-21 01:31
Severity ?
Summary
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B85BE69-4601-41D4-899D-1D2FF622EDE5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files." }, { "lang": "es", "value": "CubeCart v4.4.3 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con modules/shipping/USPS/calc.php y algunos otros archivos." } ], "id": "CVE-2011-3724", "lastModified": "2024-11-21T01:31:05.293", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-23T23:55:02.927", "references": [ { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CubeCart-4.4.3" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CubeCart-4.4.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-31 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0B79010-22A4-4D3D-8589-4D14F292D65E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo index.php en CubeCart versi\u00f3n 4.2.1, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de (1) el par\u00e1metro _a en una acci\u00f3n searchStr y el par\u00e1metro (2) Submit." } ], "id": "CVE-2008-1550", "lastModified": "2024-11-21T00:44:47.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-31T17:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://holisticinfosec.org/content/view/51/45/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29532" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28452" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://holisticinfosec.org/content/view/51/45/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41559" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-02-21 13:31
Modified
2024-11-21 01:35
Severity ?
Summary
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cubecart | cubecart | * | |
cubecart | cubecart | 3.0.0 | |
cubecart | cubecart | 3.0.1 | |
cubecart | cubecart | 3.0.2 | |
cubecart | cubecart | 3.0.3 | |
cubecart | cubecart | 3.0.4 | |
cubecart | cubecart | 3.0.5 | |
cubecart | cubecart | 3.0.6 | |
cubecart | cubecart | 3.0.7 | |
cubecart | cubecart | 3.0.8 | |
cubecart | cubecart | 3.0.9 | |
cubecart | cubecart | 3.0.10 | |
cubecart | cubecart | 3.0.11 | |
cubecart | cubecart | 3.0.12 | |
cubecart | cubecart | 3.0.13 | |
cubecart | cubecart | 3.0.14 | |
cubecart | cubecart | 3.0.15 | |
cubecart | cubecart | 3.0.16 | |
cubecart | cubecart | 3.0.17 | |
cubecart | cubecart | 3.0.18 | |
cubecart | cubecart | 3.0.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "16AEEEBB-9C7C-4793-A2E3-F575EADE1D87", "versionEndIncluding": "3.0.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "21EE5409-82A4-403C-873C-9D526302D3A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "88994AE4-5FCF-44D2-B490-5E1659E772CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D66AC3A-800E-44C1-AA65-080647982674", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D20B906-A4F2-4645-8FBB-9ACFE4DC7146", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9BBC2E6C-ED74-4AE9-A034-4CE6A7E949F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B3F74BC2-A71F-4F47-AAD0-748C36FAA0DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "559DC274-2CD1-4E1A-8795-03B4F811477D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "AE67A15A-A80B-4CDC-8008-2C62C8421E30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "4213D073-0B59-400F-8C8D-E45DEDCEC17E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "80E8126B-4B37-4AA9-B024-0E9C7E279888", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A978D9D2-ECB8-46C6-AB51-4DAA69FCA3AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "65F309AD-3A10-40A6-B780-8716209B1D64", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cubecart:cubecart:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "DAD096E3-22DF-462A-811D-E8C819F2F34C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "1535E104-8ED7-44FC-AFE4-A843C4A01F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "F8DB8FDF-DFD7-4E61-A2EB-4AE0B2F4671E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "7AC82B0A-78A6-4418-8B53-2A54A7EB606C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "FD325EE4-DCF9-4728-859B-3FB8272017B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "B45F1872-3EBF-4EEE-8E3F-3AB8F8ACB90E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "F932DDB7-5551-418C-BA64-ADEC2B62371D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "67E84998-7E48-46A8-A295-3949C15F989F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en CubeCart v3.0.20 y anteriores permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarias y llevar a cabo ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro (1) r para switch.php o (2) el par\u00e1metro goto para admin / login. php." 
} ], "id": "CVE-2012-0865", "lastModified": "2024-11-21T01:35:52.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-02-21T13:31:45.343", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/79140" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/79141" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/12/4" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/13/5" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/18/1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/51966" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1026711" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/79140" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/79141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/12/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/13/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/18/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/51966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-09-28 15:59
Modified
2024-11-21 02:35
Severity ?
Summary
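classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. (The CPE match list in this record enumerates only 5.2.12 through 5.2.15 and 6.0.0 through 6.0.6; 5.2.16 is named in the description but has no CPE entry, so inventory matching that relies on the CPE data alone will not flag a 5.2.16 installation.)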
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "92715FDD-3B78-4EF6-87C3-6562853630D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "721E8C21-47B8-4B21-A944-07439BAFED84", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "ED7B3B53-353D-4FE4-BE1A-0358C2BA0465", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "99FA6A94-6657-4AF1-8651-E09D8FD5CA48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "54A2767D-0233-4382-89D6-694678FDC0A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F3A2549-E556-4405-9F72-0696C6A04B95", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB6F2DD9-F9AC-4B9C-A3F4-1DD71DF1082C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DCA4695-9537-4280-9774-230477B13513", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C0B9CDFD-89B0-46A7-A6A6-ED5D8530C706", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "5B10B260-D3B2-4240-B421-A929DFA68124", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "1EB8E4A2-0C68-4B68-81AD-BD480EF3152E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery 
request with a space character in the validate parameter and the administrator email in the email parameter." }, { "lang": "es", "value": "Vulnerabilidad en classes/admin.class.php en CubeCart 5.2.12 hasta la versi\u00f3n 5.2.16 y 6.x en versiones anteriores a 6.0.7, no valida adecuadamente que una petici\u00f3n de reinicio de contrase\u00f1a fuese realizada, lo que permite a atacantes remotos cambiar la contrase\u00f1a del administrador a trav\u00e9s de una petici\u00f3n de recuperaci\u00f3n con un car\u00e1cter espacio en el par\u00e1metro validate y el email del administrador en el par\u00e1metro email." } ], "id": "CVE-2015-6928", "lastModified": "2024-11-21T02:35:53.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-09-28T15:59:01.627", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2015/Sep/40" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034015" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2015/Sep/40" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:30
Severity ?
Summary
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
References
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN22220399/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN22220399/ | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "56262126-6607-4B85-92DB-B257AF49E6EA", "versionEndExcluding": "6.5.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command." }, { "lang": "es", "value": "CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos ejecutar un comando arbitrario del sistema operativo." } ], "id": "CVE-2023-47675", "lastModified": "2024-11-21T08:30:39.423", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-17T05:15:12.580", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN22220399/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN22220399/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-08 20:55
Modified
2024-11-21 01:49
Severity ?
Summary
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "40420555-46E6-4C86-BE77-03948AF775E9", "versionEndIncluding": "5.2.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object." }, { "lang": "es", "value": "El m\u00e9todo _basket en /classes / cubecart.class.php en CubeCart v5.0.0 a trav\u00e9s de v5.2.0 permite a atacantes remotos desserializar objetos PHP a trav\u00e9s de un par\u00e1metro env\u00edo hecho a mano, como se ha demostrado mediante la modificaci\u00f3n de la configuraci\u00f3n de la aplicaci\u00f3n mediante el objeto Config." 
} ], "id": "CVE-2013-1465", "lastModified": "2024-11-21T01:49:39.123", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2013-02-08T20:55:01.750", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.cubecart.com/?showtopic=47026" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://karmainsecurity.com/KIS-2013-02" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/89923" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/52072" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB 
Entry" ], "url": "http://www.exploit-db.com/exploits/24465" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/57770" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://forums.cubecart.com/?showtopic=47026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://karmainsecurity.com/KIS-2013-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/89923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://secunia.com/advisories/52072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/24465" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/57770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81920" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-13 15:29
Modified
2024-11-21 04:02
Severity ?
Summary
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/ | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC42FD10-63B4-445A-92D1-A4AE128B031E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string." }, { "lang": "es", "value": "CubeCart 6.2.2 tiene Cross-Site Scripting (XSS) reflejado mediante una cadena de consulta /{ADMIN-FILE}/." } ], "id": "CVE-2018-20703", "lastModified": "2024-11-21T04:02:00.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-13T15:29:00.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-06-06 15:15
Modified
2024-11-21 09:19
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
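Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. Note that the CPE match data in this record uses versionEndExcluding 6.5.5, which does not cover 6.5.5 itself, so the affected range should be confirmed against the vendor's release notes before treating 6.5.5 as fixed.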
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/julio-cfa/CVE-2024-34832 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/julio-cfa/CVE-2024-34832 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "E20B32EE-410E-46DE-A63F-2B5D7B35AF25", "versionEndExcluding": "6.5.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters." }, { "lang": "es", "value": "Vulnerabilidad de Directory Traversal en CubeCart v.6.5.5 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado cargado en los par\u00e1metros _g y nodo." } ], "id": "CVE-2024-34832", "lastModified": "2024-11-21T09:19:29.157", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-06-06T15:15:44.873", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/julio-cfa/CVE-2024-34832" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/julio-cfa/CVE-2024-34832" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2024-11-21 03:22
Severity ?
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
References
▼ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9499 | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9499 | Not Applicable |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "42ECBD31-FDF0-42D8-9C29-C05D0836DE4E", "versionEndIncluding": "6.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.4 permite a los atacantes autenticados remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2017-2090", "lastModified": "2024-11-21T03:22:52.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-28T16:59:00.370", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://jvn.jp/en/jp/JVN73182875/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96429" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Not Applicable" ], "url": "https://support.cybozu.com/ja-jp/article/9499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN73182875/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://support.cybozu.com/ja-jp/article/9499" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-22 13:06
Modified
2024-11-21 02:06
Severity ?
Summary
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "145808D5-BEB2-43EA-8D23-B6F0B02F77E5", "versionEndIncluding": "5.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE658EF0-286C-47E4-8443-0E5203D5ECD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0777D64E-9CA6-4711-A839-50ED4DE8E8D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "66961FC2-915B-4C85-AF5E-A56CE871BACD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "05E09E8D-06B2-42F6-A9CE-D33207FCF603", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "48412F97-B7AA-4514-B718-C69666DE5EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C39817C-F7E1-404B-BFF4-071E22C58074", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A06DEC4-349A-4A62-97E0-AC0DC1233A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:5.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "53D70D86-AEF5-489D-8A2E-1C4A7D9B2363", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en CubeCart anterior a 5.2.9 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s del par\u00e1metro PHPSESSID." 
} ], "id": "CVE-2014-2341", "lastModified": "2024-11-21T02:06:07.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-04-22T13:06:29.367", "references": [ { "source": "cve@mitre.org", "url": "http://forums.cubecart.com/topic/48427-cubecart-529-relased/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/57856" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/32830" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/105784" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66805" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030086" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.cubecart.com/topic/48427-cubecart-529-relased/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/32830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/105784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/92526" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-15 16:29
Modified
2024-11-21 04:02
Severity ?
Summary
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/ | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AC06F5E-0BFB-496B-AAB7-C27C8C925B38", "versionEndExcluding": "6.1.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the \"I forgot my Password!\" feature." }, { "lang": "es", "value": "CubeCart, en versiones anteriores a la 6.1.13, tiene una inyecci\u00f3n SQL mediante el par\u00e1metro validate[] de la caracter\u00edstica \"I forgot my Password!\"." } ], "id": "CVE-2018-20716", "lastModified": "2024-11-21T04:02:01.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-15T16:29:00.570", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-06 15:30
Modified
2024-11-21 01:08
Severity ?
Summary
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via an HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BB338F50-5ECB-46B6-A8A5-30F2E8DA7390", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header." }, { "lang": "es", "value": "classes/session/cc_admin_session.php en CubeCart v4.3.4 no maneja adecuadamente las restricciones de permiso de acceso administrativo, permitiendo a atacantes remotos saltar las restricciones y obtener acceso administrativo mediante una petici\u00f3n HTTP que contenga un (1) sessID (ccAdmin cookie), (2) una cabecera X_CLUSTER_CLIENT_IP , o (3) una cabecera User-Agent vacios." 
} ], "id": "CVE-2009-3904", "lastModified": "2024-11-21T01:08:29.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-11-06T15:30:00.733", "references": [ { "source": "cve@mitre.org", "url": "http://forums.cubecart.com/index.php?showtopic=39691?read=1" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://forums.cubecart.com/index.php?showtopic=39748" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37197" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507594/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/36882" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id?1023120" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3113" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.cubecart.com/index.php?showtopic=39691?read=1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://forums.cubecart.com/index.php?showtopic=39748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507594/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/36882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id?1023120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54062" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-27 19:15
Modified
2024-11-21 06:08
Severity ?
Summary
CubeCart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in, i.e. the session identifier is not regenerated at authentication. A malicious user is able to create a new session cookie value and inject it into a victim's browser. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "4108CA29-9880-4D44-A968-F98A15D51507", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user\u0027s account through the active session." }, { "lang": "es", "value": "Cubecart versi\u00f3n 6.4.2, permite la fijaci\u00f3n de sesiones.\u0026#xa0;La aplicaci\u00f3n no genera una nueva cookie de sesi\u00f3n despu\u00e9s de que el usuario inicia sesi\u00f3n. Un usuario malicioso puede crear un nuevo valor de cookie de sesi\u00f3n e inyectarlo a una v\u00edctima.\u0026#xa0;Despu\u00e9s de que la v\u00edctima inicia sesi\u00f3n, la cookie inyectada se vuelve v\u00e1lida, dandole al atacante acceso a la cuenta del usuario por medio de la sesi\u00f3n activa" } ], "id": "CVE-2021-33394", "lastModified": "2024-11-21T06:08:47.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-27T19:15:08.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-384" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:30
Severity ?
Summary
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
References
▼ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN22220399/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN22220399/ | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "56262126-6607-4B85-92DB-B257AF49E6EA", "versionEndExcluding": "6.5.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system." }, { "lang": "es", "value": "Vulnerabilidad de Directory Traversal en CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos obtener archivos en el sistema." } ], "id": "CVE-2023-47283", "lastModified": "2024-11-21T08:30:07.433", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-17T05:15:12.530", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN22220399/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN22220399/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-17 05:15
Modified
2024-11-21 08:12
Severity ?
Summary
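Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. The CVSS vector in this record sets UI:R: the attacker needs no account, but the forged request must be triggered by a user's interaction.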
References
▼ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory | |
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN22220399/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN22220399/ | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "56262126-6607-4B85-92DB-B257AF49E6EA", "versionEndExcluding": "6.5.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system." }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en CubeCart anterior a 6.5.3 permite que un atacante remoto no autenticado elimine datos en el sistema." } ], "id": "CVE-2023-38130", "lastModified": "2024-11-21T08:12:55.240", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-17T05:15:12.300", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN22220399/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN22220399/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": 
[ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2024-11-21 03:22
Severity ?
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
References
▼ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN81618356/index.html | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | http://www.securityfocus.com/bid/95866 | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | https://forums.cubecart.com/topic/52088-cubecart-614-released/ | Patch, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN81618356/index.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95866 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://forums.cubecart.com/topic/52088-cubecart-614-released/ | Patch, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "42ECBD31-FDF0-42D8-9C29-C05D0836DE4E", "versionEndIncluding": "6.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.4 permite a los atacantes autenticados remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2017-2098", "lastModified": "2024-11-21T03:22:53.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-28T16:59:00.637", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://jvn.jp/en/jp/JVN81618356/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95866" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Release Notes" ], "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN81618356/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes" ], "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-24 02:30
Modified
2024-11-21 01:08
Severity ?
Summary
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote attackers to execute arbitrary SQL commands via the productId parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "42B3D304-95A9-4A1A-ABF8-DA44B1D29A19", "versionEndIncluding": "4.3.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "21EE5409-82A4-403C-873C-9D526302D3A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "88994AE4-5FCF-44D2-B490-5E1659E772CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D66AC3A-800E-44C1-AA65-080647982674", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D20B906-A4F2-4645-8FBB-9ACFE4DC7146", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9BBC2E6C-ED74-4AE9-A034-4CE6A7E949F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B3F74BC2-A71F-4F47-AAD0-748C36FAA0DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "559DC274-2CD1-4E1A-8795-03B4F811477D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "AE67A15A-A80B-4CDC-8008-2C62C8421E30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "4213D073-0B59-400F-8C8D-E45DEDCEC17E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "80E8126B-4B37-4AA9-B024-0E9C7E279888", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A978D9D2-ECB8-46C6-AB51-4DAA69FCA3AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "65F309AD-3A10-40A6-B780-8716209B1D64", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cubecart:cubecart:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "DAD096E3-22DF-462A-811D-E8C819F2F34C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "1535E104-8ED7-44FC-AFE4-A843C4A01F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "F8DB8FDF-DFD7-4E61-A2EB-4AE0B2F4671E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "7AC82B0A-78A6-4418-8B53-2A54A7EB606C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "FD325EE4-DCF9-4728-859B-3FB8272017B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "B45F1872-3EBF-4EEE-8E3F-3AB8F8ACB90E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "F932DDB7-5551-418C-BA64-ADEC2B62371D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "67E84998-7E48-46A8-A295-3949C15F989F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:3.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "F2F19D76-F48A-4A12-B8D4-1A99808ACF57", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2A3CA60-EBA0-4B3A-AF16-AA773BD56942", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.0.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "073A6D9F-B464-498C-89F4-4C99E6973A15", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.0.0:beta_3:*:*:*:*:*:*", "matchCriteriaId": "9B31C165-3973-4D65-B1B9-7A483AE0A67E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.0.0:rc_1:*:*:*:*:*:*", "matchCriteriaId": "B7C7C69E-B783-4706-A6C6-95C22D19BB32", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"E756B470-72A0-470A-AD7F-E24689E98A3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3204AAED-71F3-4236-BE29-7266D6B37DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "502A928E-E84F-4ED0-BE00-5EAE5F35DD28", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8518051-5DD5-43A1-8F72-564E80A79EDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.1.0:rc_1:*:*:*:*:*:*", "matchCriteriaId": "818A0EB8-40FF-44E0-A9A5-57A24B482CB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.1.0:rc_2:*:*:*:*:*:*", "matchCriteriaId": "814BB3ED-CCA6-4015-A681-56836E5F0E43", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0292105-5614-4B5A-8033-CA6C92597679", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "09BA899B-3F63-4D36-B040-9CB462FB8C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0B79010-22A4-4D3D-8589-4D14F292D65E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6BFA9C2A-1E8D-4178-BD41-439A7FAAB5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D9E2D461-3984-4E7A-9F44-FE13EBA58BA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52CA465B-D116-448E-BDC4-3082B6629880", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "86A93B54-5099-4451-899A-69670C59584C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "972A0617-51AB-48B8-8874-48D025154F05", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cubecart:cubecart:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A25D2804-DE46-4DFE-93A8-30A8320F62AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BB338F50-5ECB-46B6-A8A5-30F2E8DA7390", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D0A873C5-B6A1-4222-910B-FE74C70EE071", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en includes/content/viewProd.inc.php en CubeCart antes de v4.3.7 permite ejecutar comandos SQL a atacantes remotos a trav\u00e9s del par\u00e1metro ProductID." } ], "id": "CVE-2009-4060", "lastModified": "2024-11-21T01:08:50.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-11-24T02:30:00.483", "references": [ { "source": "cve@mitre.org", "url": "http://forums.cubecart.com/index.php?showtopic=39900" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/60306" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37402" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37065" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3290" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.cubecart.com/index.php?showtopic=39900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/60306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54331" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2024-11-21 03:22
Severity ?
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows an attacker with administrator rights to read arbitrary files via unspecified vectors.
References
▼ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN63474730/index.html | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96466 | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | https://forums.cubecart.com/topic/52188-cubecart-615-released/ | Patch, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN63474730/index.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96466 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://forums.cubecart.com/topic/52188-cubecart-615-released/ | Patch, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E0C4767-2B2A-4F13-B89E-99B41F71090E", "versionEndIncluding": "6.1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.5 permite al atacante con derechos de administrador leer archivos arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2017-2117", "lastModified": "2024-11-21T03:22:55.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-28T16:59:01.230", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], 
"url": "http://jvn.jp/en/jp/JVN63474730/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96466" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Release Notes" ], "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN63474730/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes" ], "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-10 00:30
Modified
2024-11-21 01:15
Severity ?
Summary
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BB338F50-5ECB-46B6-A8A5-30F2E8DA7390", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "D0A873C5-B6A1-4222-910B-FE74C70EE071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EA486E3B-AB4E-40B5-AE6C-1FEB23A9E96D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "3F6C1672-55A2-40E9-BCAB-221824DCD197", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "55771532-5A50-45B6-979D-959D5077E85C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cubecart:cubecart:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "FB47570B-77BC-40C4-B9E2-EB88953A7993", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en includes/content/cart.inc.php en CubeCart PHP Shopping cart v4.3.4 hasta v4.3.9 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro shipKey en index.php. 
\r\n\r\n" } ], "id": "CVE-2010-1931", "lastModified": "2024-11-21T01:15:29.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-06-10T00:30:07.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://forums.cubecart.com/index.php?showtopic=41469" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://osvdb.org/65250" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40102" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/511735/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/40641" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59245" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://forums.cubecart.com/index.php?showtopic=41469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://osvdb.org/65250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511735/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/40641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59245" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2023-47675
Vulnerability from cvelistv5
Published
2023-11-17 04:37
Modified
2024-08-02 21:16
Severity ?
EPSS score ?
Summary
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
References
Impacted products
Vendor | Product | Version |
---|---|---|
CubeCart Limited | CubeCart | Version: prior to 6.5.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:16:42.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN22220399/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CubeCart", "vendor": "CubeCart Limited", "versions": [ { "status": "affected", "version": "prior to 6.5.3" } ] } ], "descriptions": [ { "lang": "en", "value": "CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command." } ], "problemTypes": [ { "descriptions": [ { "description": "OS command injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T04:37:54.033Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "url": "https://jvn.jp/en/jp/JVN22220399/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-47675", "datePublished": "2023-11-17T04:37:54.033Z", "dateReserved": "2023-11-13T02:58:59.752Z", "dateUpdated": "2024-08-02T21:16:42.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20703
Vulnerability from cvelistv5
Published
2019-01-13 15:00
Modified
2024-09-16 17:03
Severity ?
EPSS score ?
Summary
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:05:17.720Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-13T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20703", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/", "refsource": "MISC", "url": "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20703", "datePublished": "2019-01-13T15:00:00Z", "dateReserved": "2019-01-13T00:00:00Z", "dateUpdated": "2024-09-16T17:03:41.005Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1465
Vulnerability from cvelistv5
Published
2013-02-08 20:00
Modified
2024-08-06 15:04
Severity ?
EPSS score ?
Summary
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
References
▼ | URL | Tags |
---|---|---|
http://forums.cubecart.com/?showtopic=47026 | x_refsource_CONFIRM | |
http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81920 | vdb-entry, x_refsource_XF | |
http://karmainsecurity.com/KIS-2013-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/57770 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html | x_refsource_MISC | |
http://secunia.com/advisories/52072 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/89923 | vdb-entry, x_refsource_OSVDB | |
http://www.exploit-db.com/exploits/24465 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:04:48.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.cubecart.com/?showtopic=47026" }, { "name": "20130206 [KIS-2013-02] CubeCart \u003c= 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html" }, { "name": "cubecart-shipping-unauth-access(81920)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81920" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://karmainsecurity.com/KIS-2013-02" }, { "name": "57770", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57770" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html" }, { "name": "52072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52072" }, { "name": "89923", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/89923" }, { "name": "24465", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/24465" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application 
configuration using the Config object." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.cubecart.com/?showtopic=47026" }, { "name": "20130206 [KIS-2013-02] CubeCart \u003c= 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html" }, { "name": "cubecart-shipping-unauth-access(81920)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81920" }, { "tags": [ "x_refsource_MISC" ], "url": "http://karmainsecurity.com/KIS-2013-02" }, { "name": "57770", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57770" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html" }, { "name": "52072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52072" }, { "name": "89923", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/89923" }, { "name": "24465", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/24465" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 
through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://forums.cubecart.com/?showtopic=47026", "refsource": "CONFIRM", "url": "http://forums.cubecart.com/?showtopic=47026" }, { "name": "20130206 [KIS-2013-02] CubeCart \u003c= 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html" }, { "name": "cubecart-shipping-unauth-access(81920)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81920" }, { "name": "http://karmainsecurity.com/KIS-2013-02", "refsource": "MISC", "url": "http://karmainsecurity.com/KIS-2013-02" }, { "name": "57770", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57770" }, { "name": "http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html" }, { "name": "52072", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52072" }, { "name": "89923", "refsource": "OSVDB", "url": "http://osvdb.org/89923" }, { "name": "24465", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/24465" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1465", "datePublished": "2013-02-08T20:00:00", "dateReserved": "2013-01-29T00:00:00", "dateUpdated": "2024-08-06T15:04:48.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-42428
Vulnerability from cvelistv5
Published
2023-11-17 04:37
Modified
2024-08-02 19:16
Summary
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
References
Impacted products
Vendor | Product | Version |
---|---|---|
CubeCart Limited | CubeCart | Version: prior to 6.5.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:16:51.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN22220399/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CubeCart", "vendor": "CubeCart Limited", "versions": [ { "status": "affected", "version": "prior to 6.5.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system." } ], "problemTypes": [ { "descriptions": [ { "description": "Directory traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T04:37:21.879Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "url": "https://jvn.jp/en/jp/JVN22220399/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-42428", "datePublished": "2023-11-17T04:37:21.879Z", "dateReserved": "2023-11-13T02:59:01.085Z", "dateUpdated": "2024-08-02T19:16:51.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2341
Vulnerability from cvelistv5
Published
2014-04-21 14:00
Modified
2024-08-06 10:14
Summary
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/57856 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/66805 | vdb-entry, x_refsource_BID | |
http://forums.cubecart.com/topic/48427-cubecart-529-relased/ | x_refsource_CONFIRM | |
http://www.osvdb.org/105784 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id/1030086 | vdb-entry, x_refsource_SECTRACK | |
http://www.exploit-db.com/exploits/32830 | exploit, x_refsource_EXPLOIT-DB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/92526 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57856", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57856" }, { "name": "66805", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66805" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.cubecart.com/topic/48427-cubecart-529-relased/" }, { "name": "105784", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/105784" }, { "name": "1030086", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030086" }, { "name": "32830", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/32830" }, { "name": "cubecart-cve20142341-session-hijacking(92526)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "57856", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57856" }, { "name": "66805", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66805" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.cubecart.com/topic/48427-cubecart-529-relased/" }, { "name": "105784", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/105784" }, { "name": "1030086", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030086" }, { "name": "32830", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/32830" }, { "name": "cubecart-cve20142341-session-hijacking(92526)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2341", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "57856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57856" }, { "name": "66805", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66805" }, { "name": "http://forums.cubecart.com/topic/48427-cubecart-529-relased/", "refsource": "CONFIRM", "url": "http://forums.cubecart.com/topic/48427-cubecart-529-relased/" }, { "name": "105784", "refsource": "OSVDB", "url": "http://www.osvdb.org/105784" }, { "name": "1030086", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030086" }, { "name": "32830", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/32830" }, { "name": "cubecart-cve20142341-session-hijacking(92526)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92526" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2341", "datePublished": "2014-04-21T14:00:00", "dateReserved": "2014-03-12T00:00:00", "dateUpdated": "2024-08-06T10:14:25.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0865
Vulnerability from cvelistv5
Published
2012-02-21 00:00
Modified
2024-08-06 18:38
Summary
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/02/13/5 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2012/02/18/1 | mailing-list, x_refsource_MLIST | |
http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/02/12/4 | mailing-list, x_refsource_MLIST | |
http://osvdb.org/79140 | vdb-entry, x_refsource_OSVDB | |
http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html | mailing-list, x_refsource_BUGTRAQ | |
http://osvdb.org/79141 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id?1026711 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/51966 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120213 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/13/5" }, { "name": "[oss-security] 20120217 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/18/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection" }, { "name": "[oss-security] 20120212 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/12/4" }, { "name": "79140", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/79140" }, { "name": "20120210 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html" }, { "name": "79141", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/79141" }, { "name": "1026711", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026711" }, { "name": "51966", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51966" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2012-02-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-10T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120213 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/13/5" }, { "name": "[oss-security] 20120217 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/18/1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection" }, { "name": "[oss-security] 20120212 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/02/12/4" }, { "name": "79140", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/79140" }, { "name": "20120210 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html" }, { "name": "79141", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/79141" }, { "name": "1026711", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026711" }, { "name": "51966", "tags": [ "vdb-entry", "x_refsource_BID" ], 
"url": "http://www.securityfocus.com/bid/51966" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120213 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/13/5" }, { "name": "[oss-security] 20120217 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/18/1" }, { "name": "http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection", "refsource": "MISC", "url": "http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection" }, { "name": "[oss-security] 20120212 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/02/12/4" }, { "name": "79140", "refsource": "OSVDB", "url": "http://osvdb.org/79140" }, { "name": "20120210 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html" }, { 
"name": "79141", "refsource": "OSVDB", "url": "http://osvdb.org/79141" }, { "name": "1026711", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026711" }, { "name": "51966", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51966" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0865", "datePublished": "2012-02-21T00:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4903
Vulnerability from cvelistv5
Published
2011-10-08 10:00
Modified
2024-08-07 04:02
Summary
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/513572/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/ | x_refsource_MISC | |
http://secunia.com/advisories/41352 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/8441 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/43114 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:02:30.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20100909 SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/513572/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/" }, { "name": "41352", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41352" }, { "name": "8441", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8441" }, { "name": "43114", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-09T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20100909 SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/513572/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/" }, { "name": "41352", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41352" }, { "name": "8441", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8441" }, { "name": "43114", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20100909 SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513572/100/0/threaded" }, { "name": "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/", "refsource": "MISC", "url": "http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3/" }, { "name": "41352", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41352" }, { "name": "8441", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8441" }, { "name": "43114", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43114" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4903", "datePublished": "2011-10-08T10:00:00", "dateReserved": "2011-10-07T00:00:00", "dateUpdated": "2024-08-07T04:02:30.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-2090
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Summary
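Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. (Note: this record's affected-product entry lists Cybozu Garoon 3.0.0 to 4.2.3, its problem type is given as SQL Injection, and one reference points to a Cybozu support article, so the record's metadata does not match this CubeCart description; confirm the affected product and version from the linked JVN advisory before using this entry for triage.)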
References
▼ | URL | Tags |
---|---|---|
http://jvn.jp/en/jp/JVN73182875/index.html | third-party-advisory, x_refsource_JVN | |
https://support.cybozu.com/ja-jp/article/9499 | x_refsource_MISC | |
http://www.securityfocus.com/bid/96429 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
Cybozu, Inc. | Cybozu Garoon | Version: 3.0.0 to 4.2.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#73182875", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN73182875/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.cybozu.com/ja-jp/article/9499" }, { "name": "96429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96429" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cybozu Garoon", "vendor": "Cybozu, Inc.", "versions": [ { "status": "affected", "version": "3.0.0 to 4.2.3" } ] } ], "datePublic": "2017-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-01T09:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#73182875", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN73182875/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.cybozu.com/ja-jp/article/9499" }, { "name": "96429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96429" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-2090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cybozu Garoon", "version": { "version_data": [ { "version_value": "3.0.0 to 4.2.3" } ] } } ] }, "vendor_name": "Cybozu, Inc." 
} ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#73182875", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN73182875/index.html" }, { "name": "https://support.cybozu.com/ja-jp/article/9499", "refsource": "MISC", "url": "https://support.cybozu.com/ja-jp/article/9499" }, { "name": "96429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96429" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-2090", "datePublished": "2017-04-28T16:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T13:39:32.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34832
Vulnerability from cvelistv5
Published
2024-06-06 14:45
Modified
2025-02-13 15:53
Summary
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T02:59:22.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/julio-cfa/CVE-2024-34832" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cubecart", "vendor": "cubecart", "versions": [ { "lessThanOrEqual": "6.5.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-34832", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-22T18:57:41.392626Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-22T19:13:51.225Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-06T14:45:49.634Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/julio-cfa/CVE-2024-34832" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-34832", "datePublished": "2024-06-06T14:45:49.273Z", "dateReserved": "2024-05-09T00:00:00.000Z", "dateUpdated": "2025-02-13T15:53:27.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20716
Vulnerability from cvelistv5
Published
2019-01-15 16:00
Modified
2024-08-05 12:12
Summary
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.
References
▼ | URL | Tags |
---|---|---|
https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:28.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the \"I forgot my Password!\" feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-15T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the \"I forgot my Password!\" feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/", "refsource": "MISC", "url": "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20716", "datePublished": "2019-01-15T16:00:00", "dateReserved": "2019-01-15T00:00:00", "dateUpdated": "2024-08-05T12:12:28.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47283
Vulnerability from cvelistv5
Published
2023-11-17 04:37
Modified
2024-08-02 21:09
Summary
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
References
Impacted products
Vendor | Product | Version |
---|---|---|
CubeCart Limited | CubeCart | Version: prior to 6.5.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:36.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN22220399/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CubeCart", "vendor": "CubeCart Limited", "versions": [ { "status": "affected", "version": "prior to 6.5.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system." } ], "problemTypes": [ { "descriptions": [ { "description": "Directory traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T04:37:37.783Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "url": "https://jvn.jp/en/jp/JVN22220399/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-47283", "datePublished": "2023-11-17T04:37:37.783Z", "dateReserved": "2023-11-13T02:59:03.879Z", "dateUpdated": "2024-08-02T21:09:36.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38130
Vulnerability from cvelistv5
Published
2023-11-17 04:37
Modified
2025-01-06 17:26
Summary
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
References
Impacted products
Vendor | Product | Version |
---|---|---|
CubeCart Limited | CubeCart | Version: prior to 6.5.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.063Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN22220399/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38130", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2023-11-17T15:15:09.827678Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-06T17:26:05.978Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "CubeCart", "vendor": "CubeCart Limited", "versions": [ { "status": "affected", "version": "prior to 6.5.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site request forgery (CSRF)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-17T04:37:02.535Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/" }, { "url": "https://jvn.jp/en/jp/JVN22220399/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-38130", "datePublished": "2023-11-17T04:37:02.535Z", "dateReserved": "2023-11-13T02:59:04.704Z", "dateUpdated": "2025-01-06T17:26:05.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3904
Vulnerability from cvelistv5
Published
2009-11-06 15:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via an HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
References
▼ | URL | Tags |
---|---|---|
http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/ | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/54062 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1023120 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2009/3113 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/archive/1/507594/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://forums.cubecart.com/index.php?showtopic=39691?read=1 | x_refsource_CONFIRM | |
http://forums.cubecart.com/index.php?showtopic=39748 | x_refsource_CONFIRM | |
http://secunia.com/advisories/37197 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/36882 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/" }, { "name": "cubecart-session-security-bypass(54062)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54062" }, { "name": "1023120", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023120" }, { "name": "ADV-2009-3113", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3113" }, { "name": "20091030 CubeCart 4 Session Management Bypass", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507594/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.cubecart.com/index.php?showtopic=39691?read=1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.cubecart.com/index.php?showtopic=39748" }, { "name": "37197", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37197" }, { "name": "36882", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access 
via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/" }, { "name": "cubecart-session-security-bypass(54062)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54062" }, { "name": "1023120", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023120" }, { "name": "ADV-2009-3113", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3113" }, { "name": "20091030 CubeCart 4 Session Management Bypass", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507594/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.cubecart.com/index.php?showtopic=39691?read=1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.cubecart.com/index.php?showtopic=39748" }, { "name": "37197", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37197" }, { "name": "36882", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": 
{ "description_data": [ { "lang": "eng", "value": "classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/", "refsource": "MISC", "url": "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/" }, { "name": "cubecart-session-security-bypass(54062)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54062" }, { "name": "1023120", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023120" }, { "name": "ADV-2009-3113", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3113" }, { "name": "20091030 CubeCart 4 Session Management Bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507594/100/0/threaded" }, { "name": "http://forums.cubecart.com/index.php?showtopic=39691?read=1", "refsource": "CONFIRM", "url": "http://forums.cubecart.com/index.php?showtopic=39691?read=1" }, { "name": "http://forums.cubecart.com/index.php?showtopic=39748", "refsource": "CONFIRM", "url": "http://forums.cubecart.com/index.php?showtopic=39748" }, { "name": "37197", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37197" }, { "name": "36882", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3904", "datePublished": "2009-11-06T15:00:00", 
"dateReserved": "2009-11-06T00:00:00", "dateUpdated": "2024-08-07T06:45:50.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1931
Vulnerability from cvelistv5
Published
2010-06-10 00:00
Modified
2024-08-07 02:17
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/40102 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/511735/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://forums.cubecart.com/index.php?showtopic=41469 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/40641 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/59245 | vdb-entry, x_refsource_XF | |
http://osvdb.org/65250 | vdb-entry, x_refsource_OSVDB | |
http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:17:12.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40102" }, { "name": "20100608 [CORE-2010-0415] SQL Injection in CubeCart PHP Free \u0026 Commercial Shopping Cart Application", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511735/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.cubecart.com/index.php?showtopic=41469" }, { "name": "40641", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40641" }, { "name": "cubecart-shipkey-sql-injection(59245)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59245" }, { "name": "65250", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/65250" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "40102", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40102" }, { "name": "20100608 [CORE-2010-0415] SQL Injection in CubeCart PHP Free \u0026 Commercial Shopping Cart Application", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511735/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.cubecart.com/index.php?showtopic=41469" }, { "name": "40641", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40641" }, { "name": "cubecart-shipkey-sql-injection(59245)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59245" }, { "name": "65250", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/65250" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40102", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40102" }, { "name": "20100608 [CORE-2010-0415] SQL Injection in CubeCart PHP Free \u0026 Commercial Shopping Cart Application", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511735/100/0/threaded" }, { "name": "http://forums.cubecart.com/index.php?showtopic=41469", "refsource": "CONFIRM", "url": "http://forums.cubecart.com/index.php?showtopic=41469" }, { "name": "40641", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40641" }, { "name": "cubecart-shipkey-sql-injection(59245)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59245" }, { "name": "65250", "refsource": "OSVDB", "url": "http://osvdb.org/65250" }, { "name": "http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection", "refsource": "MISC", "url": "http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1931", "datePublished": "2010-06-10T00:00:00", "dateReserved": "2010-05-11T00:00:00", "dateUpdated": "2024-08-07T02:17:12.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1550
Vulnerability from cvelistv5
Published
2008-03-31 17:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and (2) the Submit parameter.
References
▼ | URL | Tags |
---|---|---|
http://holisticinfosec.org/content/view/51/45/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/28452 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/29532 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41559 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:42.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://holisticinfosec.org/content/view/51/45/" }, { "name": "28452", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28452" }, { "name": "29532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29532" }, { "name": "cubecart-indexphp-xss(41559)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41559" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://holisticinfosec.org/content/view/51/45/" }, { "name": "28452", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28452" }, { "name": "29532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29532" }, { "name": "cubecart-indexphp-xss(41559)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41559" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://holisticinfosec.org/content/view/51/45/", "refsource": "MISC", "url": "http://holisticinfosec.org/content/view/51/45/" }, { "name": "28452", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28452" }, { "name": "29532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29532" }, { "name": "cubecart-indexphp-xss(41559)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41559" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1550", "datePublished": "2008-03-31T17:00:00", "dateReserved": "2008-03-31T00:00:00", "dateUpdated": "2024-08-07T08:24:42.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-2117
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows an attacker with administrator rights to read arbitrary files via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96466 | vdb-entry, x_refsource_BID | |
https://forums.cubecart.com/topic/52188-cubecart-615-released/ | x_refsource_MISC | |
http://jvn.jp/en/jp/JVN63474730/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
CubeCart Limited | CubeCart |
Version: versions prior to 6.1.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96466", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96466" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/" }, { "name": "JVN#63474730", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN63474730/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CubeCart", "vendor": "CubeCart Limited", "versions": [ { "status": "affected", "version": "versions prior to 6.1.5" } ] } ], "datePublic": "2017-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Directory traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-01T09:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "96466", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96466" }, { "tags": [ "x_refsource_MISC" ], "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/" }, { "name": "JVN#63474730", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN63474730/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-2117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CubeCart", "version": { "version_data": [ { "version_value": "versions prior to 6.1.5" } ] } } ] }, "vendor_name": "CubeCart Limited" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Directory traversal" } ] } ] }, "references": { "reference_data": [ { "name": "96466", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96466" }, { "name": "https://forums.cubecart.com/topic/52188-cubecart-615-released/", "refsource": "MISC", "url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/" }, { "name": "JVN#63474730", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN63474730/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-2117", "datePublished": "2017-04-28T16:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T13:39:32.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-2098
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
https://forums.cubecart.com/topic/52088-cubecart-614-released/ | x_refsource_MISC | |
http://jvn.jp/en/jp/JVN81618356/index.html | third-party-advisory, x_refsource_JVN | |
http://www.securityfocus.com/bid/95866 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
CubeCart Limited | CubeCart |
Version: versions prior to 6.1.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/" }, { "name": "JVN#81618356", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN81618356/index.html" }, { "name": "95866", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95866" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CubeCart", "vendor": "CubeCart Limited", "versions": [ { "status": "affected", "version": "versions prior to 6.1.4" } ] } ], "datePublic": "2017-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Directory traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-01T09:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/" }, { "name": "JVN#81618356", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN81618356/index.html" }, { "name": "95866", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95866" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-2098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "CubeCart", "version": { "version_data": [ { "version_value": "versions prior to 6.1.4" } ] } } ] }, "vendor_name": "CubeCart Limited" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Directory traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://forums.cubecart.com/topic/52088-cubecart-614-released/", "refsource": "MISC", "url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/" }, { "name": "JVN#81618356", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN81618356/index.html" }, { "name": "95866", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95866" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-2098", "datePublished": "2017-04-28T16:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T13:39:32.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4060
Vulnerability from cvelistv5
Published
2009-11-24 02:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote attackers to execute arbitrary SQL commands via the productId parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/37065 | vdb-entry, x_refsource_BID | |
http://osvdb.org/60306 | vdb-entry, x_refsource_OSVDB | |
http://forums.cubecart.com/index.php?showtopic=39900 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2009/3290 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/37402 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/54331 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:51.061Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37065", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37065" }, { "name": "60306", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/60306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.cubecart.com/index.php?showtopic=39900" }, { "name": "ADV-2009-3290", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3290" }, { "name": "37402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37402" }, { "name": "cubecart-viewprod-sql-injection(54331)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54331" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37065", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37065" }, { "name": "60306", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/60306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.cubecart.com/index.php?showtopic=39900" }, { "name": "ADV-2009-3290", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3290" }, { "name": "37402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37402" }, { "name": "cubecart-viewprod-sql-injection(54331)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54331" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4060", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37065", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37065" }, { "name": "60306", "refsource": "OSVDB", "url": "http://osvdb.org/60306" }, { "name": "http://forums.cubecart.com/index.php?showtopic=39900", "refsource": "CONFIRM", "url": "http://forums.cubecart.com/index.php?showtopic=39900" }, { "name": "ADV-2009-3290", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3290" }, { "name": "37402", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37402" }, { "name": "cubecart-viewprod-sql-injection(54331)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54331" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4060", "datePublished": "2009-11-24T02:00:00", "dateReserved": "2009-11-23T00:00:00", "dateUpdated": "2024-08-07T06:45:51.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33394
Vulnerability from cvelistv5
Published
2021-05-27 18:23
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md | x_refsource_MISC | |
https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:42.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user\u0027s account through the active session." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-27T18:23:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user\u0027s account through the active session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md", "refsource": "MISC", "url": "https://github.com/xoffense/POC/blob/main/Session%20Fixation%20in%20Cubecart%206.4.2.md" }, { "name": "https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f", "refsource": "CONFIRM", "url": "https://github.com/cubecart/v6/commit/aac7b3a13a43e302d91f94a120417b2fda737d0f" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33394", "datePublished": "2021-05-27T18:23:19", "dateReserved": "2021-05-20T00:00:00", "dateUpdated": "2024-08-03T23:50:42.961Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6928
Vulnerability from cvelistv5
Published
2015-09-28 15:00
Modified
2024-08-06 07:36
Summary
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.
References
| URL | Tags |
|---|---|
| https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/ | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2015/Sep/40 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html | x_refsource_MISC |
| http://www.securitytracker.com/id/1034015 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:36:34.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/" }, { "name": "20150910 CubeCart 6.0.6 \u003e 5.2.12 admin hijacking vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2015/Sep/40" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html" }, { "name": "1034015", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T21:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/" }, { "name": "20150910 CubeCart 6.0.6 \u003e 5.2.12 admin hijacking vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2015/Sep/40" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html" }, { "name": "1034015", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034015" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6928", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/", "refsource": "CONFIRM", "url": "https://forums.cubecart.com/topic/50277-critical-security-issue-admin-account-hijack/" }, { "name": "20150910 CubeCart 6.0.6 \u003e 5.2.12 admin hijacking vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Sep/40" }, { "name": "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133535/CubeCart-6.0.6-Administrative-Bypass.html" }, { "name": "1034015", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034015" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6928", "datePublished": "2015-09-28T15:00:00", "dateReserved": "2015-09-14T00:00:00", "dateUpdated": "2024-08-06T07:36:34.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3724
Vulnerability from cvelistv5
Published
2011-09-23 23:00
Modified
2024-09-17 03:28
Summary
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CubeCart-4.4.3 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:46:02.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CubeCart-4.4.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-23T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CubeCart-4.4.3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CubeCart-4.4.3", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/CubeCart-4.4.3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3724", "datePublished": "2011-09-23T23:00:00Z", "dateReserved": "2011-09-23T00:00:00Z", "dateUpdated": "2024-09-17T03:28:43.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }