Known Vulnerabilities for products from Cubecart
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Cubecart".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45714 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-45708 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-45055 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-45054 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-45053 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-44377 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-44376 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-39428 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-39358 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-35496 json | A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to ... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-34018 json | An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL sta... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-21719 json | An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privil... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2021-33394 json | Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A... | 5.4 - MEDIUM | 2021-05-27 | 2021-06-02 |
| CVE-2018-20716 json | CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | 9.8 - CRITICAL | 2019-01-15 | 2019-01-23 |
| CVE-2018-20703 json | CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | 5.4 - MEDIUM | 2019-01-13 | 2019-01-16 |
| CVE-2017-2117 json | Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbit... | Not Provided | 2017-04-28 | 2025-04-20 |
| CVE-2017-2098 json | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary... | Not Provided | 2017-04-28 | 2025-04-20 |
| CVE-2017-2090 json | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary... | Not Provided | 2017-04-28 | 2025-04-20 |
| CVE-2015-6928 json | classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password res... | Not Provided | 2015-09-28 | 2026-05-06 |
| CVE-2014-2341 json | Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID para... | Not Provided | 2014-04-22 | 2026-05-06 |
Known software with vulnerabilities from Cubecart
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cubecart | Cubecart | - |