SQL Injection in Zen-cart Zen_cart

CVE-2008-6986

SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via t…

Vulnerability class: SQL Injection

EPSS: 0.028 (84.6th percentile) — read the EPSS interpretation.

Affected products

Zen-cart Zen_cart — versions 1.3, 1.3.0.2, 1.3.2
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)