Cubecart 6.4.2

CPE Details

Cubecart 6.4.2
cubecart
cubecart
6.4.2
2021-05-28
22h19 +00:00
2021-06-15
19h24 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cubecart:cubecart:6.4.2:*:*:*:*:*:*:*

Informations

Vendor

cubecart

Product

cubecart

Version

6.4.2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-34832 2024-06-06 14h45 +00:00 Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
9.8
Critique
CVE-2023-47675 2023-11-17 04h37 +00:00 CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
7.2
Haute
CVE-2023-47283 2023-11-17 04h37 +00:00 Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
4.9
Moyen
CVE-2023-42428 2023-11-17 04h37 +00:00 Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
6.5
Moyen
CVE-2023-38130 2023-11-17 04h37 +00:00 Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
8.1
Haute
CVE-2021-33394 2021-05-27 16h23 +00:00 Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
5.4
Moyen