https://www.securityfocus.com/bid/90212
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-188

CubeCart2.0.0至2.0.5允许远程攻击者通过不包括(1)information.php，(2)language.php，(3)list_docs.php，(4)popular_prod.php，(5)sale.php，(6)subfooter.inc.php，(7)subheader.inc.php，(8)cat_navi.php或(9)check_sum.php中参数的直接调用来决定服务器的完整路径，从而在PHP出错信息中透露路径。

Devellion Cubecart 2.0.5

Devellion Cubecart 2.0.3

Devellion Cubecart 2.0.2

Devellion Cubecart 2.0.1

Devellion Cubecart 2.0.0

来源:www.cubecart.com
链接:http://www.cubecart.com/site/forums/index.php?showtopic=6032
来源:XF
名称:cubecart-multiple-path-disclosure(20638)
链接:http://xforce.iss.net/xforce/xfdb/20638
来源:SECTRACK
名称:1013304
链接:http://securitytracker.com/id?1013304
来源:MISC
链接:http://lostmon.blogspot.com/2005/02/cubecart-20x-multiple-variable-xss.html