Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

ZenCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6985)

Description

Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.

Remediation

References

Related Vulnerabilities

WordPress Plugin Connections Business Directory Cross-Site Scripting (8.5.8)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4608)

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions Cross-Site Scripting (2.7.2)

WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)

WordPress Plugin Responsive Owl Carousel for Elementor Local File Inclusion (1.2.0)

Severity

Medium

Classification

CVE-2008-6985 CWE-138

Tags

Missing Update Known Vulnerabilities