17 results (0.003 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos ejecutar un comando arbitrario del sistema operativo. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. Vulnerabilidad de Directory Traversal en CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos obtener archivos en el sistema. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. Vulnerabilidad de Directory Traversal en CubeCart anterior a 6.5.3 permite a un atacante remoto autenticado con privilegios administrativos eliminar directorios y archivos en el sistema. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en CubeCart anterior a 6.5.3 permite que un atacante remoto no autenticado elimine datos en el sistema. • https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update https://jvn.jp/en/jp/JVN22220399 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. CubeCart, en versiones anteriores a la 6.1.13, tiene una inyección SQL mediante el parámetro validate[] de la característica "I forgot my Password!". • https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •