Vulnerabilities > ZEN Cart
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-07-21 | CVE-2006-3757 | Information Disclosure vulnerability in ZEN Cart ZEN Cart 1.3.0.2: index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. | 5.0 |
2006-02-15 | CVE-2006-0698 | SQL-Injection vulnerability in Zen Cart: Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. | 10.0 |
2006-02-15 | CVE-2006-0697 | Permissions, Privileges, and Access Controls vulnerability in Zen-Cart ZEN Cart: Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests. | 10.0 |
2006-02-15 | CVE-2006-0696 | SQL-Injection vulnerability in Zen Cart: SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2005-12-05 | CVE-2005-3997 | Information Disclosure vulnerability in Zen Cart: Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message. | 2.6 |
2005-12-05 | CVE-2005-3996 | SQL Injection vulnerability in Zen-Cart ZEN Cart: SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | 5.1 |
2004-12-31 | CVE-2004-2025 | SQL-Injection vulnerability in ZEN Cart ZEN Cart 1.1.3: SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter. | 7.5 |
2004-12-31 | CVE-2004-2024 | Remote Security vulnerability in ZEN Cart ZEN Cart 1.1.4: The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php. | 7.5 |
2004-12-31 | CVE-2004-2023 | SQL Injection vulnerability in ZEN Cart ZEN Cart 1.1.2D/1.1.4: SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters. | 7.5 |