Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system.
References
| Link | Resource |
|---|---|
| https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory |
| https://jvn.jp/en/jp/JVN22220399/ | Patch Third Party Advisory |
| https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ | Vendor Advisory |
| https://jvn.jp/en/jp/JVN22220399/ | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 08:22
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ - Vendor Advisory | |
| References | () https://jvn.jp/en/jp/JVN22220399/ - Patch, Third Party Advisory |
22 Nov 2023, 00:05
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-22 | |
| References | () https://forums.cubecart.com/topic/58736-cubecart-653-released-security-update/ - Vendor Advisory | |
| References | () https://jvn.jp/en/jp/JVN22220399/ - Patch, Third Party Advisory | |
| CPE | cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:* | |
| First Time |
Cubecart cubecart
Cubecart |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
17 Nov 2023, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-17 05:15
Updated : 2024-11-21 08:22
NVD link : CVE-2023-42428
Mitre link : CVE-2023-42428
CVE.ORG link : CVE-2023-42428
JSON object : View
Products Affected
cubecart
- cubecart
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')