ZenCart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2009-2254 - Vulnerability Database

High
Reference: CVE-2009-2254
Title: ZenCart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.