CNNVD-202509-3555 Information

CNNVD ID

CNNVD-202509-3555

Related CVE

CVE-2025-59335

• CNNVD Published: 2025-09-22

Description (Chinese)

CubeCart是CubeCart开源的一个电子商务软件。 CubeCart 6.5.11之前版本存在安全漏洞，该漏洞源于密码更改后会话未自动过期，可能导致未经授权的用户保持访问权限。

Description (English)

CubeCart is an e-commerce software source for CubeCart. The previous version of CubeCart 6.5.11 had a security loophole, which stemmed from the fact that a password-changed session did not automatically expire, which could result in unauthorized users maintaining access rights.

Hazard Level

Medium

Vulnerability Type

其他

Published

2025-09-22

Last Modified

2026-02-24

References

https://github.com/cubecart/v6/commit/4bfaeb4485dd82255a108940a163af5ba4583b52 https://github.com/cubecart/v6/commit/62d9be8416aa6fd7343f8932d98c5b112b163e26 https://github.com/cubecart/v6/security/advisories/GHSA-4vwh-x8m2-fmvv

Patch

https://www.cubecart.com/