Known Vulnerabilities for products from Cubecart
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Cubecart".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35496 | A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to ... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-34018 | An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL sta... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-21719 | An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privil... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2021-33394 | Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A... | 5.4 - MEDIUM | 2021-05-27 | 2021-06-02 |
| CVE-2018-20716 | CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | 9.8 - CRITICAL | 2019-01-15 | 2019-01-23 |
| CVE-2018-20703 | CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | 5.4 - MEDIUM | 2019-01-13 | 2019-01-16 |
| CVE-2017-2117 | Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbit... | 4.9 - MEDIUM | 2017-04-28 | 2017-05-05 |
| CVE-2017-2098 | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary... | 6.5 - MEDIUM | 2017-04-28 | 2017-05-05 |
| CVE-2017-2090 | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary... | 6.5 - MEDIUM | 2017-04-28 | 2017-05-05 |
| CVE-2015-6928 | classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password res... | 6.8 - MEDIUM | 2015-09-28 | 2016-12-07 |
| CVE-2014-2341 | Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID para... | 6.8 - MEDIUM | 2014-04-22 | 2017-08-29 |
| CVE-2013-1465 | The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unseria... | 9.8 - CRITICAL | 2013-02-08 | 2024-01-09 |
| CVE-2012-0865 | Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary w... | 5.8 - MEDIUM | 2012-02-21 | 2018-01-11 |
| CVE-2011-3724 | CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the... | 5 - MEDIUM | 2011-09-23 | 2012-03-13 |
| CVE-2010-4903 | SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the ... | 7.5 - HIGH | 2011-10-08 | 2018-10-10 |
| CVE-2010-1931 | SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote ... | 7.5 - HIGH | 2010-06-10 | 2018-10-10 |
| CVE-2009-4060 | SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote attackers to execute arbitra... | 7.5 - HIGH | 2009-11-24 | 2017-08-17 |
| CVE-2009-3904 | classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which al... | 7.5 - HIGH | 2009-11-06 | 2018-10-10 |
| CVE-2008-1550 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary... | 4.3 - MEDIUM | 2008-03-31 | 2017-08-08 |
Known software with vulnerabilities from Cubecart
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cubecart | Cubecart | - |