Vulnerabilities > CVE-2004-2024 - Remote Security vulnerability in ZEN Cart ZEN Cart 1.1.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zen-cart

NVD

Published: 2004-12-31

Updated: 2008-09-05

Summary

The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.

Vulnerable Configurations

Part	Description	Count
Application	Zen_Cart ZEN Cart ZEN Cart 1.1.4	1

References

http://www.zen-cart.com/modules/ipb/index.php?showtopic=4873
http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD