CVE-2023-47675
https://notcve.org/view.php?id=CVE-2023-47675
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-47283
https://notcve.org/view.php?id=CVE-2023-47283
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-42428
https://notcve.org/view.php?id=CVE-2023-42428
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-38130
https://notcve.org/view.php?id=CVE-2023-38130
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-20716
https://notcve.org/view.php?id=CVE-2018-20716
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. • https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')