Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-45055— CubeCart: Pre-Authenticated Password Reset Link Poisoning via HTTP Host Header

CVSS 8.1 · High EPSS 0.03% · P8

Affected Version Matrix 1

VendorProductVersion RangeStatus
cubecartv6< 6.7.2affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-45055

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
CubeCart: Pre-Authenticated Password Reset Link Poisoning via HTTP Host Header
Source: NVD (National Vulnerability Database)
Vulnerability Description
CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset link in User::passwordRequest() (and the admin equivalent in Admin::passwordRequest()). An unauthenticated attacker who knows a target email can POST /index.php?_a=recover with Host: evil.com; CubeCart writes a fresh verify token (valid 3,600 s) and emails the victim a link http://evil.com/index.php?_a=recovery&validate=<TOKEN>. The token is valid against the legitimate store — capturing the victim's click on evil.com yields full account takeover, or store takeover when an admin email is targeted. This vulnerability is fixed in 6.7.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
CubeCart 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CubeCart是CubeCart开源的一个电子商务软件。 CubeCart 6.6.x至6.7.1版本存在输入验证错误漏洞,该漏洞源于从Host请求头直接构建CC_STORE_URL常量并嵌入交易邮件链接,可能导致账户接管。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
cubecartv6 < 6.7.2 -

II. Public POCs for CVE-2026-45055

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-45055

登录查看更多情报信息。

Same Patch Batch · cubecart · 2026-05-13 · 9 CVEs total

CVE-2026-450539.1 CRITICALCubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API
CVE-2026-457149.1 CRITICALCubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CVE-2026-443779.1 CRITICALCubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CVE-2026-457087.2 HIGHCubeCart: Authenticated RCE via Invoice Template → Order Print
CVE-2026-393587.2 HIGHCubeCart: Time-based Blind SQL Injection
CVE-2026-443766.1 MEDIUMCubeCart: Reflected XSS in Store Search Bar
CVE-2026-450544.9 MEDIUMCubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions
CVE-2026-394284.8 MEDIUMCubeCart: Stored Cross-Site Scripting (XSS)

IV. Related Vulnerabilities

Same product: v6
Same vendor: cubecart
Same weakness: CWE-20

V. Comments for CVE-2026-45055

No comments yet

Leave a comment