N/A

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.

N/A

N/A

CubeCart SQL注入漏洞

CubeCart 2.0.6允许远程攻击者通过无效的(1)index.php的language参数，(2)index.php的PHPSESSID参数，(3)tellafriend.php的product参数，(4)view_cart.php的add参数或者(5)view_product.php的product参数来获取敏感信息，从而在PHP出错信息中透露路径。

N/A

N/A