Description
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
Remediation
References