CVE-2008-6615

Zen Cart 2008 - SQL Injection via Advanced Search Keyword Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6615. PoCs published by Ivan Sanchez.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in Zen Cart by injecting a malformed query via the 'keyword' parameter in the advanced search functionality. The payload bypasses input sanitization, allowing arbitrary SQL execution.

Description

SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ivan Sanchez · textwebappsphp

https://www.exploit-db.com/exploits/31725

View Code ZIP pw:eip

The exploit demonstrates an SQL injection vulnerability in Zen Cart by injecting a malformed query via the 'keyword' parameter in the advanced search functionality. The payload bypasses input sanitization, allowing arbitrary SQL execution.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Zen Cart 2008

No auth needed

Prerequisites: Access to the target Zen Cart application

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29020

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42161

Exploit x_refsource_misc

http://downloads.securityfocus.com/vulnerabilities/exploits/29020.html

Scores

EPSS 0.0096

EPSS Percentile 56.9%

Details

CWE

CWE-89

Status published

Products (1)

zen-cart/zen_cart 2008

Published Apr 06, 2009

Tracked Since Feb 18, 2026