What the vulnerability does
01Description
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
CVSS base score
6.3/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Key dates
02Disclosure timeline
April 17, 2026
CVE published
April 17, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter
CVE-2024-0459 Blood Bank & Donor Management request-received-bydonar.php sql injection
CVE-2022-43457 Delta Electronics DIAEnergie SQL Injection
CVE-2026-5586 zhongyu09 openchatbi Multi-stage Text2SQL Workflow sql injection
CVE-2020-5428 Possibility of SQL Injection in Spring Cloud Task Execution Sorting Query
