CVE-2026-45714— CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1068 · Exploitation for Privilege Escalation T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45714
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
Source: NVD (National Vulnerability Database)
Vulnerability Description
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Invoices, Documents, and Contact Forms). The application unsafely evaluates user-supplied input using the Smarty template engine without enabling Smarty Security Policies. This allows any authenticated user with administrative privileges to execute arbitrary operating system commands (RCE) on the server. This vulnerability is fixed in 6.7.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
CubeCart 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CubeCart是CubeCart开源的一个电子商务软件。 CubeCart 6.7.0之前版本存在代码注入漏洞,该漏洞源于多个模块中存在经过身份验证的服务器端模板注入漏洞,应用程序不安全地评估用户提供的输入,可能导致任何具有管理员权限的经过身份验证的用户在服务器上执行任意操作系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-45714
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45714
请登录查看更多情报信息。
- https://github.com/cubecart/v6/security/advisories/GHSA-pcfr-xgc9-xfv6x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-45714
Same Patch Batch · cubecart · 2026-05-13 · 9 CVEs total
| CVE-2026-45053 | 9.1 CRITICAL | CubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API |
| CVE-2026-44377 | 9.1 CRITICAL | CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE |
| CVE-2026-45055 | 8.1 HIGH | CubeCart: Pre-Authenticated Password Reset Link Poisoning via HTTP Host Header |
| CVE-2026-45708 | 7.2 HIGH | CubeCart: Authenticated RCE via Invoice Template → Order Print |
| CVE-2026-39358 | 7.2 HIGH | CubeCart: Time-based Blind SQL Injection |
| CVE-2026-44376 | 6.1 MEDIUM | CubeCart: Reflected XSS in Store Search Bar |
| CVE-2026-45054 | 4.9 MEDIUM | CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions |
| CVE-2026-39428 | 4.8 MEDIUM | CubeCart: Stored Cross-Site Scripting (XSS) |
IV. Related Vulnerabilities
Same product: v6
- CVE-2026-45708
CubeCart: Authenticated RCE via Invoice Template → Order Pri - CVE-2026-45055
CubeCart: Pre-Authenticated Password Reset Link Poisoning vi - CVE-2026-45054
CubeCart: Authenticated SQL Injection via `sort[]` Parameter - CVE-2026-45053
CubeCart: Authenticated Arbitrary File Upload to RCE in REST - CVE-2026-44376
CubeCart: Reflected XSS in Store Search Bar
Same vendor: cubecart
- CVE-2026-45708
CubeCart: Authenticated RCE via Invoice Template → Order Pri - CVE-2026-45055
CubeCart: Pre-Authenticated Password Reset Link Poisoning vi - CVE-2026-45054
CubeCart: Authenticated SQL Injection via `sort[]` Parameter - CVE-2026-45053
CubeCart: Authenticated Arbitrary File Upload to RCE in REST - CVE-2026-44376
CubeCart: Reflected XSS in Store Search Bar
Same weakness: CWE-94
- CVE-2021-47952
python jsonpickle 2.0.0 Remote Code Execution via py/repr - CVE-2021-47964
Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanag - CVE-2026-44717
MCP Calculate Server: Prompt Injection to RCE - CVE-2026-41258
OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRan - CVE-2026-35194
Apache Flink: Remote code execution via SQL injection in cod
V. Comments for CVE-2026-45714
No comments yet