CVE-2006-0064

CubeCart - Remote Code Execution via glob[rootDir] Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0064. PoCs published by cijfer.

AI-analyzed exploit summary This exploit targets a remote command execution vulnerability in CubeCart <=3.0.6 by manipulating the 'glob' and 'cart_order_id' variables to include a remote PHP shell. It requires 'register_globals' to be enabled and uses a custom PHP shell to execute arbitrary commands.

Description

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cijfer · perlwebappsphp

https://www.exploit-db.com/exploits/1398

View Code ZIP pw:eip

This exploit targets a remote command execution vulnerability in CubeCart <=3.0.6 by manipulating the 'glob' and 'cart_order_id' variables to include a remote PHP shell. It requires 'register_globals' to be enabled and uses a custom PHP shell to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CubeCart <=3.0.6

No auth needed

Prerequisites: register_globals enabled in PHP configuration · Access to a remote PHP shell script

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/0016

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/1398

Scores

EPSS 0.0235

EPSS Percentile 81.5%

Details

CWE

CWE-94

Status published

Products (1)

devellion/cubecart

Published Jan 03, 2006

Tracked Since Feb 18, 2026