ZenCart.Password.Forgotten.SQL.Injection
Description
SQL injection vulnerability in admin/password_forgotten.php, in Zen Cart 1.2.6d and earlier, allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.
Affected Products
Zen Cart Web Shopping Cart 1.2.6 d
Zen Cart Web Shopping Cart 1.1.2 d
Not Vulnerable: Zen Cart Web Shopping Cart 1.2.7
Impact
Execute arbitrary SQL commands
Recommended Actions
The vendor has released an update to address this issue.
Zen Cart Web Shopping Cart 1.1.2 d
Zen Cart zen-cart-1-2-7-d_full-release.zip
http://prdownloads.sourceforge.net/zencart/zen-cart-1-2-7-d_full-release.zip
ZenCart sql_injection_fix.zip
http://www.zen-cart.com/modules/mydownloads/
Zen Cart Web Shopping Cart 1.2.6 d
Zen Cart zen-cart-1-2-7-d_full-release.zip
http://prdownloads.sourceforge.net/zencart/zen-cart-1-2-7-d_full-release.zip
ZenCart sql_injection_fix.zip
http://www.zen-cart.com/modules/mydownloads/
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |