Description
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
Remediation
References