PT-2012-2918 · Cubecart · Cubecart
Aung Khant
·
Published
2012-02-21
·
Updated
2018-01-11
·
CVE-2012-0865
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
CubeCart versions 3.0.20 and earlier
Description
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This can be achieved via a URL in the
r parameter to "switch.php" or the goto parameter to "admin/login.php".Recommendations
For CubeCart versions 3.0.20 and earlier, update to a version later than 3.0.20 to resolve the issue.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cubecart