CVE-2009-4940

Zeuscart - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Br0ly · perlwebappsphp

https://www.exploit-db.com/exploits/8829

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/8829

Scores

EPSS 0.0023

EPSS Percentile 46.1%

Details

CWE

CWE-89

Status published

Products (1)

zeuscart/zeuscart 2.3

Published Jul 22, 2010

Tracked Since Feb 18, 2026