The number one free & open source eCommerce system.
"CubeCart is a powerful script, with super flexibility. It has allowed me to set up my own CubeCart business offering professional designs integrated with CubeCart." - Michael
CubeCart Screenshots
  • Open Source

    CubeCart is 100% free and completely customisable.
  • Extend

    A plethora of extensions are available from payment gateways to shipping calculators.
  • Technical Support

    Professional technical support is available directly from our developers.

CubeCart Hosting

CubeCart optimised hosting free for 14 days.
Fast and secure without the middleman.

CubeCart Hosting - 14 Day Trial

Download

Self manage on 3rd party Linux web hosting.
License: GPL 3.0 • GitHub: cubecart/v6

Download 6.5.5

What is CubeCart?

Whether you are a retailer looking for an online store or a webmaster seeking an ecommerce solution for a client… CubeCart is a powerful free ecommerce solution enabling thousands of merchants globally to sell digital or physical products online.


Latest News

New CubeCart Hosting "Starter" Plan

We are pleased to announce a new hosting plan designed for very tight budgets.

Our "Starter" plan costs €10.00 / CA$16.00 / A$17.00 / US$11.00 / £9.00 per month and includes everything you need to start an eCommerce business online. This includes free installation of CubeCart and an email account.

Find out more and sign up at https://hosted.cubecart.com

Permalink | 21st June 2024 10:46


14 Day Trial & Free Migration on all Official CubeCart Hosting Plans

We are offering a 14 day free trial on all web hosting plans including free migration from your existing web host. We'll even upgrade your store to the latest version at no extra cost!

Our hosting is specially optimised for CubeCart stores and includes:

  • lightning-fast dedicated memory caching.
  • Elasticsearch for search-as-you-type functionality.
  • the best CubeCart technical support direct from our developers.

No more hosting middle man! Come and give us a try.

Sign up now at https://hosted.cubecart.com 🚀

Permalink | 14th May 2024 11:31


CubeCart 6.5.5 Released - Minor Security Update

This release of CubeCart not only resolves a number of stability issues found in the previous version but patches a minor security vulnerability. We are grateful and thankful to Julio Araujo for reporting this so clearly and responsibly.

The security patch (GitHub issue #3570) prevents malicious .phar type files from being uploaded via the back office of the store. Please note that a bad actor would need to have successfully authenticated into the back office in order to take advantage of this vulnerability. On those grounds we do not consider this to be a significant threat. 

To patch this vulnerability please either upgrade to CubeCart 6.5.5 or amend the code in the security patch linked above. 

Download: CubeCart-6.5.5.zip

Permalink | 24th April 2024 13:49


CubeCart 6.5.4 Released

We are pleased to announce the release of CubeCart 6.5.4. This is a maintenance release with a number of minor new features.

Important Release Notes
This version converts the database encoding to utf8mb4. Please make sure that your installation of MySQL or MariaDB supports this character set. *

Download: CubeCart-6.5.4

The table below shows the new features added to this release. All 95 closed issues can be found on GitHub.

Issue   New Feature
#3543   List view added to filemanager. (Screenshot: issue.3543.png)
#3544   Sorter added to filemanager for name, date added and filesize (see screenshot above).
#3536   reCaptcha added to password recovery tool.
#3532   Customer comments icon with link added to dashboard orders (unsettled orders) list.
#3525   Bulk action to add/remove orders from dashboard (unsettled orders).
#3488   Use of hooks to manipulate dashboard (unsettled orders) bulk actions.
#3487   Order list to have new "Last Updated" column with sorter.
#3447   Preview icon on category and document list to view on front end.
#3427   Switch to allow for product and category descriptions to be parsed via Smarty (for dynamic content).
#3425   Improved character set support utf8mb3 to utf8mb4.
#3424   Exchange rate "buffer" with percentage adjustment. (Screenshot: issue.3424.png)
#3418   Order summary to show both custom order ID (if available) and traditional order ID.
#3413   Filemanager last location memory for product option images.
#3392   Adjust product sales report by date. (Screenshot: issue.3392.png)
#3385   Switch off order email whilst in PayPal Sandbox mode (PayPal Commerce 1.9.5+ required).
#3420   Rich Text Editor - Emoji Picker Plugin. (Screenshot: issue.3420.png)

 

* It is possible to list available UTF8 character sets with the MySQL command:

SHOW CHARACTER SET LIKE 'utf8%';


Permalink | 15th April 2024 08:59


CubeCart 6.5.3 Released - Security Update

Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all versions of CubeCart up to 6.5.3. Please note that these vulnerabilities can be exploited if a bad actor has authenticated into the back end of the victim's store.

Vulnerabilities

  1. Directory traversal (any file download) - GitHub Issue #3410 
  2. Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409
  3. CSRF bypassing CSRF token checks - GitHub Issue #3408
  4. OS Command Injection - This vulnerability concerns the Smarty template engine being able to execute dangerous PHP functions.

    e.g. 
    {system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')}

    No patch has been created for this vulnerability. Instead, we strongly recommend disabling dangerous PHP functions, as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions in your php.ini file and then restarting the web server.

    disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec
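To confirm that a php.ini really carries the recommended setting, the following added example (not part of CubeCart or its Security Suite) parses php.ini text and reports which of the seven recommended functions are still enabled. The sample ini strings are constructed, and the parsing rules noted in the comments are assumptions of this example.

```python
import re

# The seven functions the announcement recommends disabling.
RECOMMENDED = ("exec", "system", "passthru", "pcntl_exec",
               "popen", "proc_open", "shell_exec")

def parse_disable_functions(ini_text):
    """Return the effective disable_functions set from php.ini text.

    Assumptions of this example: the last uncommented directive in the
    file wins, and ';' starts a comment.
    """
    effective = set()
    for raw in ini_text.splitlines():
        # Drop comments, which also discards commented-out directives.
        line = raw.split(";", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() != "disable_functions":  # directive names are case-sensitive
            continue
        value = value.strip().strip("\"'")
        # Entries may be separated by commas and/or whitespace.
        effective = {name for name in re.split(r"[,\s]+", value) if name}
    return effective

def missing_recommended(ini_text):
    """List recommended functions that the ini text leaves enabled.

    Names are compared exactly, in lowercase (the stricter reading, an
    assumption here), so an entry such as 'System' does not count.
    """
    disabled = parse_disable_functions(ini_text)
    return [name for name in RECOMMENDED if name not in disabled]

# Constructed sample: the full list is commented out, and the live
# directive is partial and contains a mis-cased entry.
WEAK_INI = """[PHP]
; disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec
disable_functions = exec,passthru , System
"""

# Constructed sample: the directive exactly as recommended above.
HARDENED_INI = """[PHP]
disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec
"""

if __name__ == "__main__":
    print("weak:", missing_recommended(WEAK_INI))
    print("hardened:", missing_recommended(HARDENED_INI))
```

Run it against the file shown as "Loaded Configuration File" in the web server's phpinfo() output, since the command-line PHP may load a different php.ini.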

This release also includes a number of other maintenance updates.

Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version it is possible to find the code patches for each vulnerability within each GitHub issue above. If you require help, technical support is available. 

Download: CubeCart-6.5.3.zip

 

Permalink | 30th October 2023 10:40

  • BarclayCard Partner Logo
  • Chronopay Logo
  • eWay Logo
  • Nochex Logo
  • Skrill Logo
  • PayPoint.net Logo
  • Payment Sense Logo
  • PayPal Partner Logo
  • PayVector Logo
  • SagePay Partner Logo
  • Total Web Solutions Logo
  • Worldpay Logo