SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | 1.1.2d |
| zen_cart | zen_cart | 1.1.4 |
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | 1.1.4 |
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | 1.1.3 |
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | * |
SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | 1.2.6d |
| zen_cart | zen_cart | 1.2.3d |
| zen_cart | zen_cart | 1.2.5d |
| zen_cart | zen_cart | 1.2.0d |
| zen_cart | zen_cart | 1.2.1_patch1 |
| zen_cart | zen_cart | 1.1.0 |
| zen_cart | zen_cart | 1.1.1d |
| zen_cart | zen_cart | 1.2.2d |
| zen_cart | zen_cart | 1.2.4d |
| zen_cart | zen_cart | 1.2.4.1 |
| zen_cart | zen_cart | 1.1.4d |
| zen_cart | zen_cart | 1.1.3d |
| zen_cart | zen_cart | 1.2.1d |
| zen_cart | zen_cart | 1.1.2d |
Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | 1.2.6d |
| zen_cart | zen_cart | 1.2.3d |
| zen_cart | zen_cart | 1.2.5d |
| zen_cart | zen_cart | 1.2.0d |
| zen_cart | zen_cart | 1.2.1_patch1 |
| zen_cart | zen_cart | 1.1.0 |
| zen_cart | zen_cart | 1.1.1d |
| zen_cart | zen_cart | 1.2.2d |
| zen_cart | zen_cart | 1.2.4d |
| zen_cart | zen_cart | 1.2.4.1 |
| zen_cart | zen_cart | 1.1.4d |
| zen_cart | zen_cart | 1.1.3d |
| zen_cart | zen_cart | 1.2.1d |
| zen_cart | zen_cart | 1.1.2d |
index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | 1.3.0.2 |
Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | 1.3.8 |
| zen_cart | zen_cart | 1.3.8a |
Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen_cart | zen_cart | 1.3.8 |
| zen_cart | zen_cart | 1.3.8a |