Description

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.

Remediation

References

CVE-2009-2254

Related Vulnerabilities

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) SQL Injection (1.5.107)

Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-14574)

WordPress Plugin Edwiser Bridge-WordPress Moodle LMS Integration Multiple Cross-Site Request Forgery Vulnerabilities (2.0.6)

Oracle Database Server CVE-2008-1813 Vulnerability (CVE-2008-1813)

WordPress Plugin WP to Twitter Cross-Site Request Forgery (3.2.9)

Severity

High

Classification

CVE-2009-2254 CWE-138

Tags

Missing Update Known Vulnerabilities