Every CVE whose affected-product data names Devellion Cubecart, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2006-0064 — CVSS 7.5 (high): PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code…
CVE-2006-4526 — CVSS 7.5 (high): SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows…
CVE-2007-2862 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified…
CVE-2006-5107 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the…
CVE-2006-4267 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1)…
CVE-2004-1580 — CVSS 7.5 (high): SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id…
CVE-2006-5108 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or…
CVE-2006-4268 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2006-0922 — CVSS 5.0 (medium): CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include…
CVE-2005-0442 — CVSS 5.0 (medium): Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language…
CVE-2005-0607 — CVSS 5.0 (medium): CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1)…
CVE-2005-1033 — CVSS 5.0 (medium): CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID…
CVE-2004-1579 — CVSS 5.0 (medium): index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter…
CVE-2006-5109 — CVSS 5.0 (medium): Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2)…
CVE-2007-2550 — CVSS 5.0 (medium): Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct…
CVE-2005-3152 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the…
CVE-2005-0606 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote…
CVE-2005-0443 — CVSS 4.3 (medium): index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting…
CVE-2006-4525 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to…
CVE-2006-0245 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2006-4527 — CVSS 2.6 (low): includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive…