CVE-2008-6985

Zen-cart Zen Cart - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappslinux

https://www.exploit-db.com/exploits/43436

View Code ZIP pw:eip

References (8)

Core 8

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/496002/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/44917

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/496032/100/100/threaded

Exploit x_refsource_confirm

http://www.zen-cart.com/forum/showthread.php?p=604473

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31758

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31023

Exploit x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00129-09042008

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/48346

Scores

EPSS 0.0109

EPSS Percentile 78.0%

Details

CWE

CWE-89

Status published

Products (16)

zen-cart/zen_cart 1.2.0d

zen-cart/zen_cart 1.2.1_patch1

zen-cart/zen_cart 1.2.1d

zen-cart/zen_cart 1.2.2d

zen-cart/zen_cart 1.2.3d

zen-cart/zen_cart 1.2.4.1

zen-cart/zen_cart 1.2.4d

zen-cart/zen_cart 1.2.5d

zen-cart/zen_cart 1.2.6d

zen-cart/zen_cart 1.3

... and 6 more

Published Aug 19, 2009

Tracked Since Feb 18, 2026