ByteOS Network

Source-secalert@redhat.com

Published At-21 Feb, 2012 | 13:31

Updated At-11 Apr, 2025 | 00:51

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N

Type: Primary

Version: 2.0

Base score: 5.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:N

CPE Matches

cubecart>>cubecart>>Versions up to 3.0.20(inclusive)

cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.0

cpe:2.3:a:cubecart:cubecart:3.0.0:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.1

cpe:2.3:a:cubecart:cubecart:3.0.1:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.2

cpe:2.3:a:cubecart:cubecart:3.0.2:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.3

cpe:2.3:a:cubecart:cubecart:3.0.3:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.4

cpe:2.3:a:cubecart:cubecart:3.0.4:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.5

cpe:2.3:a:cubecart:cubecart:3.0.5:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.6

cpe:2.3:a:cubecart:cubecart:3.0.6:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.7

cpe:2.3:a:cubecart:cubecart:3.0.7:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.8

cpe:2.3:a:cubecart:cubecart:3.0.8:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.9

cpe:2.3:a:cubecart:cubecart:3.0.9:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.10

cpe:2.3:a:cubecart:cubecart:3.0.10:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.11

cpe:2.3:a:cubecart:cubecart:3.0.11:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.12

cpe:2.3:a:cubecart:cubecart:3.0.12:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.13

cpe:2.3:a:cubecart:cubecart:3.0.13:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.14

cpe:2.3:a:cubecart:cubecart:3.0.14:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.15

cpe:2.3:a:cubecart:cubecart:3.0.15:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.16

cpe:2.3:a:cubecart:cubecart:3.0.16:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.17

cpe:2.3:a:cubecart:cubecart:3.0.17:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.18

cpe:2.3:a:cubecart:cubecart:3.0.18:*:*:*:*:*:*:*

cubecart>>cubecart>>3.0.19

cpe:2.3:a:cubecart:cubecart:3.0.19:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

CWE ID: CWE-20

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html	secalert@redhat.com	Exploit
http://osvdb.org/79140	secalert@redhat.com	N/A
http://osvdb.org/79141	secalert@redhat.com	N/A
http://www.openwall.com/lists/oss-security/2012/02/12/4	secalert@redhat.com	Exploit
http://www.openwall.com/lists/oss-security/2012/02/13/5	secalert@redhat.com	Exploit
http://www.openwall.com/lists/oss-security/2012/02/18/1	secalert@redhat.com	Exploit
http://www.securityfocus.com/bid/51966	secalert@redhat.com	Exploit
http://www.securitytracker.com/id?1026711	secalert@redhat.com	N/A
http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection	secalert@redhat.com	Exploit
http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://osvdb.org/79140	af854a3a-2127-422b-91ae-364da2661108	N/A
http://osvdb.org/79141	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.openwall.com/lists/oss-security/2012/02/12/4	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.openwall.com/lists/oss-security/2012/02/13/5	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.openwall.com/lists/oss-security/2012/02/18/1	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.securityfocus.com/bid/51966	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.securitytracker.com/id?1026711	af854a3a-2127-422b-91ae-364da2661108	N/A
http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection	af854a3a-2127-422b-91ae-364da2661108	Exploit