Cubecart
CubeCart administrative users can exploit a path traversal vulnerability prior to version 6.6.0 to read files from higher-level directories on the server, bypassing intended directory access restrictions. The vulnerability requires administrative privileges and affects CubeCart installations below 6.6.0. No active exploitation or public proof-of-concept has been identified; the low CVSS score (2.7) reflects the requirement for elevated privileges, making this a post-compromise lateral movement vector rather than an initial access risk.
SQL injection in CubeCart prior to 6.6.0 allows remote unauthenticated attackers to execute arbitrary SQL statements through a request requiring user interaction, affecting the e-commerce platform's database integrity and confidentiality. The vulnerability has a CVSS score of 6.3 with a network-accessible attack vector and low complexity, though exploitation requires user engagement (UI:R), which moderates real-world risk. No public exploit code or active exploitation in CISA KEV has been confirmed at time of analysis.
Authenticated OS command injection in CubeCart prior to version 6.6.0 allows administrators to execute arbitrary system commands on the hosting server. Reported by JPCERT, this vulnerability requires high-privilege (admin) access but then permits full system compromise. The CVSS 8.6 severity reflects low attack complexity from a network position once admin credentials are obtained. EPSS exploitation probability is low (0.18%, 40th percentile), with no active exploitation confirmed in CISA KEV or SSVC data, though proof-of-concept status is unknown. CubeCart 6.6.0 addresses this CWE-78 command injection flaw, per the vendor's community announcement.
CubeCart is an ecommerce software solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.
CubeCart is an ecommerce software solution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.
CubeCart is an ecommerce software solution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.
CubeCart is an ecommerce software solution. Rated high severity (CVSS 7.1), this vulnerability has low attack complexity. Public exploit code is available.