CVE-2026-34018

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.3 / 10

Vector String

                                        CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L                                    

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.

Published Date

April 17, 2026

Last Modified

April 17, 2026

CWE ID

CWE-89

Source

NVD

Vendor

CubeCart Limited

Product

CubeCart