Main Vulnerability Database Exploits ID:4168 - Exploit for Input validation error in CubeCart - CVE-2012-0865

ID:4168 - Exploit for Input validation error in CubeCart - CVE-2012-0865

Published: August 11, 2020

Vulnerability identifier: #VU44253

Vulnerability risk: Medium

CVE-ID: CVE-2012-0865

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
CubeCart

Link to public exploit:

https://www.exploit-db.com/exploits/36686/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.

Remediation

Install update from vendor's website.

ID:4168 - Exploit for Input validation error in CubeCart - CVE-2012-0865

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human