CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 1CVE-2009-4060 – CubeCart 3.0.4/4.3.6 - 'ProductID' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4060
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. Una vulnerabilidad de inyección SQL en includes/content/viewProd.inc.php en CubeCart antes de v4.3.7 permite ejecutar comandos SQL a atacantes remotos a través del parámetro ProductID. • https://www.exploit-db.com/exploits/33362 http://forums.cubecart.com/index.php?showtopic=39900 http://osvdb.org/60306 http://secunia.com/advisories/37402 http://www.securityfocus.com/bid/37065 http://www.vupen.com/english/advisories/2009/3290 https://exchange.xforce.ibmcloud.com/vulnerabilities/54331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4526
https://notcve.org/view.php?id=CVE-2006-4526
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. Vulnerabilidad de inyección SQL en includes/content/viewCat.inc.php en CubeCart 3.0.12 y anteriores, cuando register_globales está activado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro searchArray[]. • http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4525 – CubeCart < 3.0.12 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4525
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CubeCart 3.0.12 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el array links. • https://www.exploit-db.com/exploits/43840 http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •
CVSS: 5.0EPSS: 5%CPEs: 11EXPL: 1CVE-2006-0922 – CubeCart 3.0.x - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2006-0922
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php. • https://www.exploit-db.com/exploits/27304 http://securityreason.com/securityalert/482 http://www.cubecart.com/site/forums/index.php?showtopic=14704 http://www.cubecart.com/site/forums/index.php?showtopic=14817 http://www.cubecart.com/site/forums/index.php?showtopic=14825 http://www.cubecart.com/site/forums/index.php?showtopic=14960 http://www.cubecart.com/site/forums/index.php? •