cubecart — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting cubecart. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CubeCart is an open-source e-commerce platform enabling businesses to create and manage online stores. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. The platform's 4 recorded CVEs highlight these security concerns, with some incidents allowing attackers to execute arbitrary code or gain unauthorized administrative access. Despite these issues, CubeCart remains a popular choice for small to medium-sized online retailers seeking a cost-effective solution, though users must remain vigilant about applying security patches and following hardening guidelines to mitigate risks.

Found 13 results / 13
Top products by cubecart: v6
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-45708 | CubeCart: Authenticated RCE via Invoice Template → Order Print | v6 | CWE-94 | 7.2 | High | 2026-05-13 |
| CVE-2026-45055 | CubeCart: Pre-Authenticated Password Reset Link Poisoning via HTTP Host Header | v6 | CWE-20 | 8.1 | High | 2026-05-13 |
| CVE-2026-45714 | CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE | v6 | CWE-94 | 9.1 | Critical | 2026-05-13 |
| CVE-2026-45054 | CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing | v6 | CWE-89 | 4.9 | Medium | 2026-05-13 |
| CVE-2026-45053 | CubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API | v6 | CWE-434 | 9.1 | Critical | 2026-05-13 |
| CVE-2026-44376 | CubeCart: Reflected XSS in Store Search Bar | v6 | CWE-79 | 6.1 | Medium | 2026-05-13 |
| CVE-2026-39428 | CubeCart: Stored Cross-Site Scripting (XSS) | v6 | CWE-79 | 4.8 | Medium | 2026-05-13 |
| CVE-2026-39358 | CubeCart: Time-based Blind SQL Injection | v6 | CWE-89 | 7.2 | High | 2026-05-13 |
| CVE-2026-44377 | CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE | v6 | CWE-94 | 9.1 | Critical | 2026-05-13 |
| CVE-2025-59413 | CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter | v6 | CWE-862 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-59412 | CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement | v6 | CWE-79 | 5.4 | Medium | 2025-09-22 |
| CVE-2025-59411 | CubeCart Stored/Reflected HTML Injection Vulnerability in Contact Enquiry | v6 | CWE-79 | 5.4 | Medium | 2025-09-22 |
| CVE-2025-59335 | CubeCart Session Not Invalidated After Password Change | v6 | CWE-613 | 7.1 | High | 2025-09-22 |

This page lists every published CVE security advisory associated with cubecart. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.