CVE-2018-20716
https://notcve.org/view.php?id=CVE-2018-20716
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. CubeCart, en versiones anteriores a la 6.1.13, tiene una inyección SQL mediante el parámetro validate[] de la característica "I forgot my Password!". • https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-20703 – CubeCart 6.2.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-20703
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. CubeCart 6.2.2 tiene Cross-Site Scripting (XSS) reflejado mediante una cadena de consulta /{ADMIN-FILE}/. CubeCart version 6.2.2 suffers from a cross site scripting vulnerability. • https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2098
https://notcve.org/view.php?id=CVE-2017-2098
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.4 permite a los atacantes autenticados remotos leer archivos arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN81618356/index.html http://www.securityfocus.com/bid/95866 https://forums.cubecart.com/topic/52088-cubecart-614-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-2090
https://notcve.org/view.php?id=CVE-2017-2090
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.4 permite a los atacantes autenticados remotos leer archivos arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9499 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-2117
https://notcve.org/view.php?id=CVE-2017-2117
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en CubeCart en versiones anteriores a 6.1.5 permite al atacante con derechos de administrador leer archivos arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN63474730/index.html http://www.securityfocus.com/bid/96466 https://forums.cubecart.com/topic/52188-cubecart-615-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •