Vulnerabilities > CVE-2004-2023 - Unspecified vulnerability in ZEN Cart ZEN Cart 1.1.2D/1.1.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- http://marc.info/?l=bugtraq&m=108489697219781&w=2
- http://marc.info/?l=bugtraq&m=108489697219781&w=2
- http://secunia.com/advisories/11649
- http://secunia.com/advisories/11649
- http://securitytracker.com/id?1010172
- http://securitytracker.com/id?1010172
- http://www.osvdb.org/6298
- http://www.osvdb.org/6298
- http://www.packetstormsecurity.org/0405-advisories/zencart112d.txt
- http://www.packetstormsecurity.org/0405-advisories/zencart112d.txt
- http://www.securityfocus.com/archive/1/434237/30/4950/threaded
- http://www.securityfocus.com/archive/1/434237/30/4950/threaded
- http://www.securityfocus.com/bid/10378
- http://www.securityfocus.com/bid/10378
- http://www.zen-cart.com/modules/ipb/index.php?showtopic=4835
- http://www.zen-cart.com/modules/ipb/index.php?showtopic=4835
- http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD
- http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16176
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16176