📦 CubeCart

by CubeCart



⚠️ Known Vulnerabilities

CVE-2024-34832

CRITICAL CVSS 9.8 Jun 6, 2024

This CVE describes a directory traversal vulnerability in CubeCart that allows attackers to upload malicious files to arbitrary locations on the server. Attackers can exploit this via crafted _g and n...

CVE-2025-59335

HIGH CVSS 7.1 Sep 22, 2025

CubeCart ecommerce software versions before 6.5.11 fail to automatically expire user sessions after password changes. This allows attackers who have compromised an account to maintain access even afte...

CVE-2024-33438

HIGH CVSS 8.0 Apr 29, 2024

This CVE describes a file upload vulnerability in CubeCart e-commerce software that allows authenticated users to upload malicious .phar files, leading to arbitrary code execution. It affects CubeCart...

CVE-2023-38130

HIGH CVSS 8.1 Nov 17, 2023

A cross-site request forgery (CSRF) vulnerability in CubeCart e-commerce software allows unauthenticated remote attackers to delete data from the system. This affects all CubeCart installations prior ...

CVE-2023-47675

HIGH CVSS 7.2 Nov 17, 2023

CVE-2023-47675 is an OS command injection vulnerability in CubeCart e-commerce software that allows authenticated administrators to execute arbitrary commands on the underlying operating system. This ...

CVE-2025-59413

MEDIUM CVSS 6.5 Sep 22, 2025

CubeCart versions before 6.5.11 contain a logic flaw in the newsletter subscription endpoint that allows attackers to unsubscribe any user without consent. By manipulating the force_unsubscribe parame...

CVE-2025-59412

MEDIUM CVSS 5.4 Sep 22, 2025

CubeCart versions before 6.5.11 have a cross-site scripting (XSS) vulnerability in the product reviews feature. Attackers can inject malicious HTML into review descriptions, which gets executed when a...