Refine your search
9 vulnerabilities found for by CubeCart Limited
CVE-2026-35496 (GCVE-0-2026-35496)
Vulnerability from cvelistv5
Published
2026-04-17 04:33
Modified
2026-04-17 12:18
Severity ?
2.7 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Summary
A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: prior to 6.6.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T12:18:24.559535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T12:18:33.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T04:33:49.813Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
},
{
"url": "https://jvn.jp/en/jp/JVN78422311/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-35496",
"datePublished": "2026-04-17T04:33:49.813Z",
"dateReserved": "2026-04-13T02:53:41.252Z",
"dateUpdated": "2026-04-17T12:18:33.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34018 (GCVE-0-2026-34018)
Vulnerability from cvelistv5
Published
2026-04-17 04:33
Modified
2026-04-17 12:20
Severity ?
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL Injection')
Summary
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: prior to 6.6.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T12:20:02.943694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T12:20:12.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T04:33:35.768Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
},
{
"url": "https://jvn.jp/en/jp/JVN78422311/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-34018",
"datePublished": "2026-04-17T04:33:35.768Z",
"dateReserved": "2026-04-13T02:53:40.276Z",
"dateUpdated": "2026-04-17T12:20:12.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21719 (GCVE-0-2026-21719)
Vulnerability from cvelistv5
Published
2026-04-17 04:33
Modified
2026-04-17 12:21
Severity ?
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: prior to 6.6.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T12:21:40.939591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T12:21:48.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T04:33:17.708Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
},
{
"url": "https://jvn.jp/en/jp/JVN78422311/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-21719",
"datePublished": "2026-04-17T04:33:17.708Z",
"dateReserved": "2026-04-13T02:53:42.375Z",
"dateUpdated": "2026-04-17T12:21:48.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-47675 (GCVE-0-2023-47675)
Vulnerability from cvelistv5
Published
2023-11-17 04:37
Modified
2024-08-02 21:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS command injection
Summary
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: prior to 6.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T04:37:54.033Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47675",
"datePublished": "2023-11-17T04:37:54.033Z",
"dateReserved": "2023-11-13T02:58:59.752Z",
"dateUpdated": "2024-08-02T21:16:42.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47283 (GCVE-0-2023-47283)
Vulnerability from cvelistv5
Published
2023-11-17 04:37
Modified
2024-08-02 21:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: prior to 6.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:36.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T04:37:37.783Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47283",
"datePublished": "2023-11-17T04:37:37.783Z",
"dateReserved": "2023-11-13T02:59:03.879Z",
"dateUpdated": "2024-08-02T21:09:36.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42428 (GCVE-0-2023-42428)
Vulnerability from cvelistv5
Published
2023-11-17 04:37
Modified
2024-08-02 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: prior to 6.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:51.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T04:37:21.879Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-42428",
"datePublished": "2023-11-17T04:37:21.879Z",
"dateReserved": "2023-11-13T02:59:01.085Z",
"dateUpdated": "2024-08-02T19:16:51.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38130 (GCVE-0-2023-38130)
Vulnerability from cvelistv5
Published
2023-11-17 04:37
Modified
2025-01-06 17:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site request forgery (CSRF)
Summary
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: prior to 6.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-17T15:15:09.827678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:26:05.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T04:37:02.535Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38130",
"datePublished": "2023-11-17T04:37:02.535Z",
"dateReserved": "2023-11-13T02:59:04.704Z",
"dateUpdated": "2025-01-06T17:26:05.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2117 (GCVE-0-2017-2117)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: versions prior to 6.1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96466",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
},
{
"name": "JVN#63474730",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN63474730/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.1.5"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "96466",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
},
{
"name": "JVN#63474730",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN63474730/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CubeCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 6.1.5"
}
]
}
}
]
},
"vendor_name": "CubeCart Limited"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96466"
},
{
"name": "https://forums.cubecart.com/topic/52188-cubecart-615-released/",
"refsource": "MISC",
"url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
},
{
"name": "JVN#63474730",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN63474730/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2117",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2098 (GCVE-0-2017-2098)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CubeCart Limited | CubeCart |
Version: versions prior to 6.1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
},
{
"name": "JVN#81618356",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81618356/index.html"
},
{
"name": "95866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.1.4"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
},
{
"name": "JVN#81618356",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81618356/index.html"
},
{
"name": "95866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CubeCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 6.1.4"
}
]
}
}
]
},
"vendor_name": "CubeCart Limited"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.cubecart.com/topic/52088-cubecart-614-released/",
"refsource": "MISC",
"url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
},
{
"name": "JVN#81618356",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81618356/index.html"
},
{
"name": "95866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2098",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}