Cubecart - Cubecart CVE

Filtered by vendor Cubecart Subscribe

Filtered by product Cubecart

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2013-1465	1 Cubecart	1 Cubecart	2024-01-09	7.5 HIGH	9.8 CRITICAL
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
CVE-2018-20716	1 Cubecart	1 Cubecart	2019-01-23	7.5 HIGH	9.8 CRITICAL
CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.

Vulnerabilities (CVE)