CVE-2005-1033

CubeCart 2.0.6 - Info Disclosure

Title source: llm

Description

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.

Exploits (4)

exploitdb · WRITEUP · VERIFIED
by John Cobb · text · webapps · php
https://www.exploit-db.com/exploits/25358

exploitdb · WRITEUP · VERIFIED
by John Cobb · text · webapps · php
https://www.exploit-db.com/exploits/25357

exploitdb · WRITEUP · VERIFIED
by John Cobb · text · webapps · php
https://www.exploit-db.com/exploits/25356

exploitdb · WRITEUP · VERIFIED
by John Cobb · text · webapps · php
https://www.exploit-db.com/exploits/25355

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/14064
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013660
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111281457918479&w=2

Scores

EPSS 0.0374
EPSS Percentile 88.1%

Details

Status published
Products (1)
devellion/cubecart 2.0.6
Published May 02, 2005
Tracked Since Feb 18, 2026