// For flags

CVE-2005-1033

CubeCart 2.0.x - 'index.php' Multiple Full Path Disclosures

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-04-06 First Exploit
  • 2005-04-09 CVE Published
  • 2005-04-10 CVE Reserved
  • 2024-08-07 CVE Updated
  • 2024-10-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Devellion
Search vendor "Devellion"
Cubecart
Search vendor "Devellion" for product "Cubecart"
2.0.6
Search vendor "Devellion" for product "Cubecart" and version "2.0.6"
-
Affected