Описание
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
Ссылки
- Vendor Advisory
- ExploitPatch
- PatchVendor Advisory
- Patch
- Vendor Advisory
- ExploitPatch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.8a (включая)
Одно из
cpe:2.3:a:zen-cart:zen_cart:*:*:*:*:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.2.0d:*:*:*:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.2.1d:*:*:*:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.2.4d:*:*:*:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.3.8:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.09565
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
EPSS
Процентиль: 93%
0.09565
Низкий
7.5 High
CVSS2
Дефекты
CWE-89