| VID |
21953 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Zen Cart is vulnerable to an SQL injection vulnerability via the 'admin_email' parameter. Zen Cart is an open source e-commerce shopping cart system based on the PHP programming language and a MySQL database. Zen Cart version 1.2.6d and earlier versions are vulnerable to an SQL injection vulnerability, caused by improper filtering of user-supplied input passed to the 'admin_email' parameter of the 'admin/password_forgotten.php' script before using it in a database query. If the 'magic_quotes_gpc' option is disabled, this vulnerability could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://secunia.com/advisories/17869/
http://www.frsirt.com/english/advisories/2005/2728
http://archives.neohapsis.com/archives/bugtraq/2005-12/0045.html
http://retrogod.altervista.org/zencart_126d_xpl.html
http://www.zencart.com/
* Platforms Affected:
Open Source, Zen Cart version 1.2.6d and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Zen Cart (1.2.7d or later), available from the Zen Cart Web page at http://www.zen-cart.com/modules/mydownloads/visit.php?lid=544 |
| Related URL |
CVE-2005-3996 (CVE) |
| Related URL |
15690 (SecurityFocus) |
| Related URL |
23510 (ISS) |
|
