CVE Tools

devellion

Web & CMS Pluginscommercial

21

Cumulative CVEs

10

Monthly snapshots

#25

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting devellion.

CVE-2007-2862Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an i...7.5May 24, 2007
CVE-2007-2550Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cook...5.0May 9, 2007
CVE-2006-5109Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. ...5.0Oct 2, 2006
CVE-2006-5108Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php...6.8Oct 2, 2006
CVE-2006-5107Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_i...7.5Oct 2, 2006
CVE-2006-4527includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which al...2.6Sep 1, 2006
CVE-2006-4526SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the s...7.5Sep 1, 2006
CVE-2006-4525Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.4.3Sep 1, 2006
CVE-2006-4268Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a)...6.8Aug 21, 2006
CVE-2006-4267Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and t...7.5Aug 21, 2006
CVE-2006-0922CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in ...5.0Feb 28, 2006
CVE-2006-0245Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7)...4.3Jan 18, 2006
CVE-2006-0064PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.7.5Jan 3, 2006
CVE-2005-3152Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) ...4.3Oct 5, 2005
CVE-2005-1033CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend...5.0Apr 9, 2005