| VID |
21954 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Zen Cart is vulnerable to an SQL injection vulnerability via the 'custom' parameter. Zen Cart is an open source e-commerce shopping cart system based on the PHP programming language and a MySQL database. Zen Cart version 1.3.0.2 and earlier versions are vulnerable to an SQL injection vulnerability, caused by improper filtering of user-supplied input passed to the 'custom' parameter of the 'ipn_main_handler.php' script before using it in a database query. If the 'magic_quotes_gpc' option is disabled, this vulnerability could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://secunia.com/advisories/21484/
http://www.frsirt.com/english/advisories/2006/3283
http://www.gulftech.org/?node=research&article_id=00109-08152006
http://www.zencart.com/
* Platforms Affected:
Open Source, Zen Cart version 1.3.0.2 and earlier versions
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of Aug 2006.
Upgrade to the latest version of Zen Cart, when new version fixed this problem becomes available from the Zen Cart Web site at http://www.zen-cart.com/forum/showthread.php?t=43579c
As a workaround, disable PHP's 'register_globals' setting. |
| Related URL |
CVE-2006-4214 (CVE) |
| Related URL |
19542 (SecurityFocus) |
| Related URL |
28393 (ISS) |
|
