Search criteria
9 vulnerabilities by CubeCart Limited
CVE-2026-35496 (GCVE-0-2026-35496)
Vulnerability from cvelistv5 – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:18
VLAI
Summary
A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
prior to 6.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T12:18:24.559535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T12:18:33.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T04:33:49.813Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
},
{
"url": "https://jvn.jp/en/jp/JVN78422311/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-35496",
"datePublished": "2026-04-17T04:33:49.813Z",
"dateReserved": "2026-04-13T02:53:41.252Z",
"dateUpdated": "2026-04-17T12:18:33.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34018 (GCVE-0-2026-34018)
Vulnerability from cvelistv5 – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:20
VLAI
Summary
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL Injection')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
prior to 6.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T12:20:02.943694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T12:20:12.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T04:33:35.768Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
},
{
"url": "https://jvn.jp/en/jp/JVN78422311/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-34018",
"datePublished": "2026-04-17T04:33:35.768Z",
"dateReserved": "2026-04-13T02:53:40.276Z",
"dateUpdated": "2026-04-17T12:20:12.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21719 (GCVE-0-2026-21719)
Vulnerability from cvelistv5 – Published: 2026-04-17 04:33 – Updated: 2026-04-17 12:21
VLAI
Summary
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
prior to 6.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T12:21:40.939591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T12:21:48.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T04:33:17.708Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405"
},
{
"url": "https://jvn.jp/en/jp/JVN78422311/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-21719",
"datePublished": "2026-04-17T04:33:17.708Z",
"dateReserved": "2026-04-13T02:53:42.375Z",
"dateUpdated": "2026-04-17T12:21:48.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-47675 (GCVE-0-2023-47675)
Vulnerability from cvelistv5 – Published: 2023-11-17 04:37 – Updated: 2024-08-02 21:16
VLAI
Summary
CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
Severity
No CVSS data available.
CWE
- OS command injection
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
prior to 6.5.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:42.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T04:37:54.033Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47675",
"datePublished": "2023-11-17T04:37:54.033Z",
"dateReserved": "2023-11-13T02:58:59.752Z",
"dateUpdated": "2024-08-02T21:16:42.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47283 (GCVE-0-2023-47283)
Vulnerability from cvelistv5 – Published: 2023-11-17 04:37 – Updated: 2024-08-02 21:09
VLAI
Summary
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
prior to 6.5.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:36.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T04:37:37.783Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-47283",
"datePublished": "2023-11-17T04:37:37.783Z",
"dateReserved": "2023-11-13T02:59:03.879Z",
"dateUpdated": "2024-08-02T21:09:36.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42428 (GCVE-0-2023-42428)
Vulnerability from cvelistv5 – Published: 2023-11-17 04:37 – Updated: 2024-08-02 19:16
VLAI
Summary
Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
prior to 6.5.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:51.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T04:37:21.879Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-42428",
"datePublished": "2023-11-17T04:37:21.879Z",
"dateReserved": "2023-11-13T02:59:01.085Z",
"dateUpdated": "2024-08-02T19:16:51.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38130 (GCVE-0-2023-38130)
Vulnerability from cvelistv5 – Published: 2023-11-17 04:37 – Updated: 2025-01-06 17:26
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
prior to 6.5.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-17T15:15:09.827678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:26:05.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "prior to 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T04:37:02.535Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/"
},
{
"url": "https://jvn.jp/en/jp/JVN22220399/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38130",
"datePublished": "2023-11-17T04:37:02.535Z",
"dateReserved": "2023-11-13T02:59:04.704Z",
"dateUpdated": "2025-01-06T17:26:05.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2117 (GCVE-0-2017-2117)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96466 | vdb-entryx_refsource_BID |
| https://forums.cubecart.com/topic/52188-cubecart-… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN63474730/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
versions prior to 6.1.5
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96466",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96466"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
},
{
"name": "JVN#63474730",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN63474730/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.1.5"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "96466",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96466"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
},
{
"name": "JVN#63474730",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN63474730/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CubeCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 6.1.5"
}
]
}
}
]
},
"vendor_name": "CubeCart Limited"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96466"
},
{
"name": "https://forums.cubecart.com/topic/52188-cubecart-615-released/",
"refsource": "MISC",
"url": "https://forums.cubecart.com/topic/52188-cubecart-615-released/"
},
{
"name": "JVN#63474730",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN63474730/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2117",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2098 (GCVE-0-2017-2098)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://forums.cubecart.com/topic/52088-cubecart-… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN81618356/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/95866 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CubeCart Limited | CubeCart |
Affected:
versions prior to 6.1.4
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
},
{
"name": "JVN#81618356",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81618356/index.html"
},
{
"name": "95866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CubeCart",
"vendor": "CubeCart Limited",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.1.4"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
},
{
"name": "JVN#81618356",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81618356/index.html"
},
{
"name": "95866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95866"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CubeCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 6.1.4"
}
]
}
}
]
},
"vendor_name": "CubeCart Limited"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forums.cubecart.com/topic/52088-cubecart-614-released/",
"refsource": "MISC",
"url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
},
{
"name": "JVN#81618356",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81618356/index.html"
},
{
"name": "95866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95866"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2098",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}