Vulnerabilities > CVE-2004-2025 - SQL-Injection vulnerability in ZEN Cart ZEN Cart 1.1.3

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zen-cart

NVD

Published: 2004-12-31

Updated: 2008-09-05

Summary

SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.

Vulnerable Configurations

Part	Description	Count
Application	Zen_Cart ZEN Cart ZEN Cart 1.1.3	1

References

http://www.zen-cart.com/modules/ipb/index.php?showtopic=3731
http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD