
Cubecart


Vendor: Cubecart • 29 CVEs

CVEs (29)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Cubecart
1Cubecart
May 6, 2026
Apr 22, 2014
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
1Cubecart
1Cubecart
Apr 29, 2026
Feb 8, 2013
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
1Cubecart
1Cubecart
Apr 29, 2026
Feb 21, 2012
N/A· v4
N/A· v3
5.8 MEDIUM· v2
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
1Cubecart
1Cubecart
Apr 29, 2026
Oct 8, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.
1Cubecart
1Cubecart
Apr 29, 2026
Sep 23, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
1Cubecart
1Cubecart
Apr 29, 2026
Jun 10, 2010
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
1Cubecart
1Cubecart
Apr 23, 2026
Nov 24, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote attackers to execute arbitrary SQL commands via the productId parameter.
1Cubecart
1Cubecart
Apr 23, 2026
Nov 6, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via an HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
1Cubecart
1Cubecart
Apr 23, 2026
Mar 31, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and (2) the Submit parameter.