
CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 4.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. CubeCart version 6.2.2 suffers from a cross-site scripting vulnerability. • https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')