Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-08-18T10:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2009-08-17T00:00:00
Link: CVE-2008-6985
JSON object: View
NVD Information
Status : Modified
Published: 2009-08-19T05:24:52.453
Modified: 2018-10-11T20:57:55.610
Link: CVE-2008-6985
JSON object: View
Redhat Information
No data.
CWE