
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
• References: http://jvn.jp/en/jp/JVN81618356/index.html http://www.securityfocus.com/bid/95866 https://forums.cubecart.com/topic/52088-cubecart-614-released
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
• References: http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9499
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows an attacker with administrator rights to read arbitrary files via unspecified vectors.
• References: http://jvn.jp/en/jp/JVN63474730/index.html http://www.securityfocus.com/bid/96466 https://forums.cubecart.com/topic/52188-cubecart-615-released
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 | EPSS: 16% | CPEs: 9 | EXPL: 2

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
• References: https://www.exploit-db.com/exploits/32830 http://forums.cubecart.com/topic/48427-cubecart-529-relased http://secunia.com/advisories/57856 http://www.exploit-db.com/exploits/32830 http://www.osvdb.org/105784 http://www.securityfocus.com/bid/66805 http://www.securitytracker.com/id/1030086 https://exchange.xforce.ibmcloud.com/vulnerabilities/92526
• CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 0% | CPEs: 6 | EXPL: 4

SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
• References: https://www.exploit-db.com/exploits/14117 http://forums.cubecart.com/index.php?showtopic=41469 http://osvdb.org/65250 http://secunia.com/advisories/40102 http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection http://www.securityfocus.com/archive/1/511735/100/0/threaded http://www.securityfocus.com/bid/40641 https://exchange.xforce.ibmcloud.com/vulnerabilities/59245
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')