MidnightBSD

Advisories for zen_cart

CVE-2004-2023 HIGH

SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zen_cart zen_cart 1.1.2d
zen_cart zen_cart 1.1.4
CVE-2004-2024 HIGH

The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zen_cart zen_cart 1.1.4
CVE-2004-2025 HIGH

SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zen_cart zen_cart 1.1.3
CVE-2005-3997 LOW

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zen_cart zen_cart *
CVE-2006-0696 HIGH

SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zen_cart zen_cart 1.2.6d
zen_cart zen_cart 1.2.3d
zen_cart zen_cart 1.2.5d
zen_cart zen_cart 1.2.0d
zen_cart zen_cart 1.2.1_patch1
zen_cart zen_cart 1.1.0
zen_cart zen_cart 1.1.1d
zen_cart zen_cart 1.2.2d
zen_cart zen_cart 1.2.4d
zen_cart zen_cart 1.2.4.1
zen_cart zen_cart 1.1.4d
zen_cart zen_cart 1.1.3d
zen_cart zen_cart 1.2.1d
zen_cart zen_cart 1.1.2d
CVE-2006-0698 HIGH

Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zen_cart zen_cart 1.2.6d
zen_cart zen_cart 1.2.3d
zen_cart zen_cart 1.2.5d
zen_cart zen_cart 1.2.0d
zen_cart zen_cart 1.2.1_patch1
zen_cart zen_cart 1.1.0
zen_cart zen_cart 1.1.1d
zen_cart zen_cart 1.2.2d
zen_cart zen_cart 1.2.4d
zen_cart zen_cart 1.2.4.1
zen_cart zen_cart 1.1.4d
zen_cart zen_cart 1.1.3d
zen_cart zen_cart 1.2.1d
zen_cart zen_cart 1.1.2d
CVE-2006-3757 MEDIUM

index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
zen_cart zen_cart 1.3.0.2
CVE-2008-6877 MEDIUM

Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zen_cart zen_cart 1.3.8
zen_cart zen_cart 1.3.8a
CVE-2008-6878 MEDIUM

Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zen_cart zen_cart 1.3.8
zen_cart zen_cart 1.3.8a