Vulnerabilities > ZEN Cart

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2006-07-21 | CVE-2006-3757 | Information Disclosure vulnerability in ZEN Cart ZEN Cart 1.3.0.2 | index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. | network, low complexity, zen-cart, 5.0 |
| 2006-02-15 | CVE-2006-0698 | SQL-Injection vulnerability in Zen Cart | Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. | network, low complexity, zen-cart, critical, 10.0 |
| 2006-02-15 | CVE-2006-0697 | Permissions, Privileges, and Access Controls vulnerability in Zen-Cart ZEN Cart | Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests. | network, low complexity, zen-cart CWE-264, critical, 10.0 |
| 2006-02-15 | CVE-2006-0696 | SQL-Injection vulnerability in Zen Cart | SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity, zen-cart, 7.5 |
| 2005-12-05 | CVE-2005-3997 | Information Disclosure vulnerability in Zen Cart | Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message. | network, high complexity, zen-cart, 2.6 |
| 2005-12-05 | CVE-2005-3996 | SQL Injection vulnerability in Zen-Cart ZEN Cart | SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | network, high complexity, zen-cart CWE-89, 5.1 |
| 2004-12-31 | CVE-2004-2025 | SQL-Injection vulnerability in ZEN Cart ZEN Cart 1.1.3 | SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter. | network, low complexity, zen-cart, 7.5 |
| 2004-12-31 | CVE-2004-2024 | Remote Security vulnerability in ZEN Cart ZEN Cart 1.1.4 | The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php. | network, low complexity, zen-cart, 7.5 |
| 2004-12-31 | CVE-2004-2023 | SQL Injection vulnerability in ZEN Cart ZEN Cart 1.1.2D/1.1.4 | SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters. | network, low complexity, zen-cart, 7.5 |