CVE-2006-0064

CubeCart - RCE

Title source: llm
STIX 2.1

Description

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by cijfer · perlwebappsphp
https://www.exploit-db.com/exploits/1398

References (2)

Scores

EPSS 0.0718
EPSS Percentile 91.6%

Details

CWE
CWE-94
Status published
Products (1)
devellion/cubecart
Published Jan 03, 2006
Tracked Since Feb 18, 2026