CVE-2012-0865

Current Description

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.

Basic Data

Published: February 21, 2012
Last Modified: January 11, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 5.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
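    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.12 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.13 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.14 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.15 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.16 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.17 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.18 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | 3.0.19 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Cubecart | Cubecart | * | * | * | * | * | * | * | * | | 3.0.20 | | |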

Vulnerable Software List

| Vendor | Product | Versions |
| Cubecart | Cubecart | *, 3.0.0, 3.0.1, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9 |

References

| Name | Source | URL | Tags |
| 20120210 CubeCart 3.0.20 (3.0.x) and lower \| Open URL Redirection Vulnerability | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html | Exploit |
| 79140 | OSVDB | http://osvdb.org/79140 | |
| 79141 | OSVDB | http://osvdb.org/79141 | |
| [oss-security] 20120212 CubeCart 3.0.20 (3.0.x) and lower \| Open URL Redirection Vulnerability | MLIST | http://www.openwall.com/lists/oss-security/2012/02/12/4 | Exploit |
| [oss-security] 20120213 Re: CubeCart 3.0.20 (3.0.x) and lower \| Open URL Redirection Vulnerability | MLIST | http://www.openwall.com/lists/oss-security/2012/02/13/5 | Exploit |
| [oss-security] 20120217 Re: CubeCart 3.0.20 (3.0.x) and lower \| Open URL Redirection Vulnerability | MLIST | http://www.openwall.com/lists/oss-security/2012/02/18/1 | Exploit |
| 51966 | BID | http://www.securityfocus.com/bid/51966 | Exploit |
| 1026711 | SECTRACK | http://www.securitytracker.com/id?1026711 | |
| http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection | MISC | http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection | Exploit |