CVSS: 7.5EPSS: 0%CPEs: 43EXPL: 1CVE-2009-4060 – CubeCart 3.0.4/4.3.6 - 'ProductID' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4060
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. Una vulnerabilidad de inyección SQL en includes/content/viewProd.inc.php en CubeCart antes de v4.3.7 permite ejecutar comandos SQL a atacantes remotos a través del parámetro ProductID. • https://www.exploit-db.com/exploits/33362 http://forums.cubecart.com/index.php?showtopic=39900 http://osvdb.org/60306 http://secunia.com/advisories/37402 http://www.securityfocus.com/bid/37065 http://www.vupen.com/english/advisories/2009/3290 https://exchange.xforce.ibmcloud.com/vulnerabilities/54331 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4526
https://notcve.org/view.php?id=CVE-2006-4526
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. Vulnerabilidad de inyección SQL en includes/content/viewCat.inc.php en CubeCart 3.0.12 y anteriores, cuando register_globales está activado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro searchArray[]. • http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4525 – CubeCart < 3.0.12 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4525
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CubeCart 3.0.12 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el array links. • https://www.exploit-db.com/exploits/43840 http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •
CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 0CVE-2006-4527
https://notcve.org/view.php?id=CVE-2006-4527
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. includes/content/gateway.inc.php en CubeCart 3.0.12 y anteriores, cuando magic_quites_gpc está desactivado, usa una expresión regular insuficientemente restrictiav para validar el parámetro gateway, lo que permite a atacantes remotos llevar a cabo ataques de inclusión remota de archivos en PHP. • http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •