Page 3 of 35 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2010-4903

https://notcve.org/view.php?id=CVE-2010-4903

SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. Vulnerabilidad de inyección SQL en index.php en CubeCart v4.3.3, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro searchStr. • http://secunia.com/advisories/41352 http://securityreason.com/securityalert/8441 http://www.acunetix.com/blog/web-security-zone/articles/sql-injection-xss-cubecart-4-3-3 http://www.securityfocus.com/archive/1/513572/100/0/threaded http://www.securityfocus.com/bid/43114 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 4

CVE-2010-1931 – CubeCart PHP 4.3.x - 'shipkey' SQL Injection

https://notcve.org/view.php?id=CVE-2010-1931

SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php. Vulnerabilidad de inyección SQL en includes/content/cart.inc.php en CubeCart PHP Shopping cart v4.3.4 hasta v4.3.9 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro shipKey en index.php. • https://www.exploit-db.com/exploits/14117 http://forums.cubecart.com/index.php?showtopic=41469 http://osvdb.org/65250 http://secunia.com/advisories/40102 http://www.coresecurity.com/content/cubecart-php-shopping-cart-sql-injection http://www.securityfocus.com/archive/1/511735/100/0/threaded http://www.securityfocus.com/bid/40641 https://exchange.xforce.ibmcloud.com/vulnerabilities/59245 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 1

CVE-2009-4060 – CubeCart 3.0.4/4.3.6 - 'ProductID' SQL Injection

https://notcve.org/view.php?id=CVE-2009-4060

SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. Una vulnerabilidad de inyección SQL en includes/content/viewProd.inc.php en CubeCart antes de v4.3.7 permite ejecutar comandos SQL a atacantes remotos a través del parámetro ProductID. • https://www.exploit-db.com/exploits/33362 http://forums.cubecart.com/index.php?showtopic=39900 http://osvdb.org/60306 http://secunia.com/advisories/37402 http://www.securityfocus.com/bid/37065 http://www.vupen.com/english/advisories/2009/3290 https://exchange.xforce.ibmcloud.com/vulnerabilities/54331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 4

CVE-2009-3904 – CubeCart 4 - Session Management Bypass

https://notcve.org/view.php?id=CVE-2009-3904

classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header. classes/session/cc_admin_session.php en CubeCart v4.3.4 no maneja adecuadamente las restricciones de permiso de acceso administrativo, permitiendo a atacantes remotos saltar las restricciones y obtener acceso administrativo mediante una petición HTTP que contenga un (1) sessID (ccAdmin cookie), (2) una cabecera X_CLUSTER_CLIENT_IP , o (3) una cabecera User-Agent vacios. • https://www.exploit-db.com/exploits/9875 http://forums.cubecart.com/index.php?showtopic=39691?read=1 http://forums.cubecart.com/index.php?showtopic=39748 http://secunia.com/advisories/37197 http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access http://www.securityfocus.com/archive/1/507594/100/0/threaded http://www.securityfocus.com/bid/36882 http://www.securitytracker.com/id?1023120 http://www.vupen.com/english/advisories/2009/311 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2008-1550

https://notcve.org/view.php?id=CVE-2008-1550

Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo index.php en CubeCart versión 4.2.1, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de (1) el parámetro _a en una acción searchStr y el parámetro (2) Submit. • http://holisticinfosec.org/content/view/51/45 http://secunia.com/advisories/29532 http://www.securityfocus.com/bid/28452 https://exchange.xforce.ibmcloud.com/vulnerabilities/41559 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •