Directory Traversal Vulnerability in CubeCart Affects Admin Controls
CVE-2023-42428

6.5MEDIUM

Key Information:

Vendor: CubeCart Limited
Status: CubeCart
Vendor: CVE Published:; 17 November 2023

🔔 Create CubeCart Limited Vulnerability Alert

What is CVE-2023-42428?

A directory traversal vulnerability has been identified in CubeCart versions earlier than 6.5.3, allowing a remote authenticated attacker with administrative privileges to traverse directories on the server. This may enable the attacker to delete critical directories and files, potentially leading to a server compromise. Users are advised to update to the latest version to mitigate this risk.

Affected Version(s)

CubeCart prior to 6.5.3

References

https://forums.cubecart.com/topic/58736-cubecart-653-rele...

https://jvn.jp/en/jp/JVN22220399/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2023
Vulnerability Reserved
Nov 13, 2023

CVE-2023-42428 Data

JSON