CVSS: 6.8EPSS: 4%CPEs: 7EXPL: 7CVE-2006-5108 – CubeCart 3.0.x - '/admin/header.inc.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5108
Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php. Múltiples vulnerabilidades se secuencias de comandos en sitios cruzados (XSS) en Devellion CubeCart 2.0.x permite a un atacante remoto inyectar secuencias de comandos web o HTML a través del parámetro order_id en (1)admin/print_order.php y (2) view_order.php; los parámetros (3) site_urly (4) la_search_home y ciertos parámetros de lenguaje en admin/nav.php; el parámetro (6) image en admin/image.php;el(7) site_name, (8) la_adm_header, (9) charset, y (10) otros parámetros en admin/header.inc.php; el parámetro(12) la_pow_by parameter en footer.inc.php; y el parámetro (13) site_name y (14) otros parámetros en header.inc.php. • https://www.exploit-db.com/exploits/28703 https://www.exploit-db.com/exploits/28701 https://www.exploit-db.com/exploits/28702 https://www.exploit-db.com/exploits/28699 https://www.exploit-db.com/exploits/28704 https://www.exploit-db.com/exploits/28700 http://secunia.com/advisories/22175 http://securityreason.com/securityalert/1662 http://www.osvdb.org/29246 http://www.osvdb.org/29247 http://www.osvdb.org/29248 http://www.osvdb.org/29249 http://www.os •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 5CVE-2006-5107 – CubeCart 3.0.x - '/admin/forgot_pass.php?user_name' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5107
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php. Múltiples vulnerabilidades de inyección SQL en Devellion CubeCart 2.0.x permite a un atacante remoto ejecutar comandos SQL de su elección a través del (1)parámetro user_name en admin/forgot_pass.php, (2) el parámerto order_id en view_order.php, (3) el parámetro view_doc en view_doc.php, y (4) el parámetro order_id en admin/print_order.php. • https://www.exploit-db.com/exploits/28695 https://www.exploit-db.com/exploits/28698 https://www.exploit-db.com/exploits/28697 https://www.exploit-db.com/exploits/28696 http://securityreason.com/securityalert/1662 http://www.securityfocus.com/archive/1/447009/100/0/threaded http://www.securityfocus.com/bid/20215 https://exchange.xforce.ibmcloud.com/vulnerabilities/29176 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4526
https://notcve.org/view.php?id=CVE-2006-4526
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. Vulnerabilidad de inyección SQL en includes/content/viewCat.inc.php en CubeCart 3.0.12 y anteriores, cuando register_globales está activado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro searchArray[]. • http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4525 – CubeCart < 3.0.12 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-4525
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CubeCart 3.0.12 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el array links. • https://www.exploit-db.com/exploits/43840 http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •
CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 0CVE-2006-4527
https://notcve.org/view.php?id=CVE-2006-4527
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. includes/content/gateway.inc.php en CubeCart 3.0.12 y anteriores, cuando magic_quites_gpc está desactivado, usa una expresión regular insuficientemente restrictiav para validar el parámetro gateway, lo que permite a atacantes remotos llevar a cabo ataques de inclusión remota de archivos en PHP. • http://cubecart.com/site/forums/index.php?showtopic=21540 http://secunia.com/advisories/21659 http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697 http://www.gulftech.org/?node=research&article_id=00111-08282006& http://www.securityfocus.com/bid/19782 •