Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-47675)

Description

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.

Remediation

References

Related Vulnerabilities

WordPress Plugin Advanced Post Type Ratings Cross-Site Scripting (1.01)

Dolibarr Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3991)

Sqlite Improper Initialization Vulnerability (CVE-2020-11655)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking 'slug' Parameter Cross-Site Scripting (1.5.5)

WordPress Plugin Events Manager Multiple Cross-Site Scripting Vulnerabilities (5.3.3)

Severity

High

Classification

CVE-2023-47675 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities