Description

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.

Remediation

References

CVE-2026-35496

Related Vulnerabilities

MySQL CVE-2019-2529 Vulnerability (CVE-2019-2529)

WordPress Plugin Scribble Maps Cross-Site Scripting (1.2)

WordPress Plugin Button Widget Smartsoft Cross-Site Request Forgery (1.0.1)

Apache HTTP Server Improper Access Control Vulnerability (CVE-2025-23048)

WordPress Plugin BuddyPress Multiple Vulnerabilities (1.9.1)

Severity

Low

Classification

CVE-2026-35496 CWE-22 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities