Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2012-0865
Last Modified: 24 Feb 2012 12:00:00
Published: 21 Feb 2012 08:31:45
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0865

Summary

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.

Vulnerable Systems

Application

  • Cubecart 3.0.0

  • Cubecart 3.0.1

  • Cubecart 3.0.10

  • Cubecart 3.0.11

  • Cubecart 3.0.12

  • Cubecart 3.0.13

  • Cubecart 3.0.14

  • Cubecart 3.0.15

  • Cubecart 3.0.16

  • Cubecart 3.0.17

  • Cubecart 3.0.18

  • Cubecart 3.0.19

  • Cubecart 3.0.2

  • Cubecart 3.0.20

  • Cubecart 3.0.3

  • Cubecart 3.0.4

  • Cubecart 3.0.5

  • Cubecart 3.0.6

  • Cubecart 3.0.7

  • Cubecart 3.0.8

  • Cubecart 3.0.9


References

MISC - http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection

BID - 51966

MLIST - [oss-security] 20120217 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability

MLIST - [oss-security] 20120213 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability

MLIST - [oss-security] 20120212 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability

OSVDB - 79141

OSVDB - 79140

BUGTRAQ - 20120210 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability


Last Updated: 27 May 2016 10:58:18