Description

Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.

Remediation

References

CVE-2008-6985

Related Vulnerabilities

WordPress Plugin WP Reroute Email Cross-Site Scripting (1.4.9)

WordPress Plugin WordPress Email Template Designer-WP HTML Mail HTML Injection (2.9.0.3)

WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)

OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3570)

Joomla! Core 1.7.x SQL Injection (1.7.0 - 1.7.4)

Severity

Medium

Classification

CVE-2008-6985 CWE-138

Tags

Missing Update Known Vulnerabilities