CVE-2012-0865

Published: Feb 21, 2012Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.

Affected (21)

Products: Cubecart: Cubecart

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Cubecart Cubecart	Up to 3.0.20
Cubecart Cubecart	Version 3.0.0
Cubecart Cubecart	Version 3.0.10
Cubecart Cubecart	Version 3.0.11
Cubecart Cubecart	Version 3.0.12
Cubecart Cubecart	Version 3.0.13
Cubecart Cubecart	Version 3.0.14
Cubecart Cubecart	Version 3.0.15
Cubecart Cubecart	Version 3.0.16
Cubecart Cubecart	Version 3.0.17
Cubecart Cubecart	Version 3.0.18
Cubecart Cubecart	Version 3.0.19
Cubecart Cubecart	Version 3.0.1
Cubecart Cubecart	Version 3.0.2
Cubecart Cubecart	Version 3.0.3
Cubecart Cubecart	Version 3.0.4
Cubecart Cubecart	Version 3.0.5
Cubecart Cubecart	Version 3.0.6
Cubecart Cubecart	Version 3.0.7
Cubecart Cubecart	Version 3.0.8
Cubecart Cubecart	Version 3.0.9

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html

Source: secalert@redhat.com

Exploit

http://osvdb.org/79140

Source: secalert@redhat.com

http://osvdb.org/79141

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/02/12/4

Source: secalert@redhat.com

Exploit

http://www.openwall.com/lists/oss-security/2012/02/13/5

Source: secalert@redhat.com

Exploit

http://www.openwall.com/lists/oss-security/2012/02/18/1

Source: secalert@redhat.com

Exploit

http://www.securityfocus.com/bid/51966

Source: secalert@redhat.com

Exploit

http://www.securitytracker.com/id?1026711

Source: secalert@redhat.com

http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection

Source: secalert@redhat.com

Exploit

http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://osvdb.org/79140

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/79141

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/02/12/4

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.openwall.com/lists/oss-security/2012/02/13/5

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.openwall.com/lists/oss-security/2012/02/18/1

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/51966

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1026711

Source: af854a3a-2127-422b-91ae-364da2661108

http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.