CVE

Id
37103  
CVE No.
CVE-2008-6986  
Status
Candidate  
Description
SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985.  
Phase
Assigned (20090817)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
403196 37103 CVE-2008-6986 BUGTRAQ:20080904 Re: Zen Cart <= 1.3.8a SQL Injection  View
403197 37103 CVE-2008-6986 URL:http://www.securityfocus.com/archive/1/archive/1/496032/100/100/threaded  View
403198 37103 CVE-2008-6986 BUGTRAQ:20080904 Zen Cart <= 1.3.8a SQL Injection  View
403199 37103 CVE-2008-6986 URL:http://www.securityfocus.com/archive/1/archive/1/496002/100/0/threaded  View
403200 37103 CVE-2008-6986 MISC:http://www.gulftech.org/?node=research&article_id=00129-09042008  View
403201 37103 CVE-2008-6986 CONFIRM:http://www.zen-cart.com/forum/showthread.php?p=604473  View
403202 37103 CVE-2008-6986 BID:31023  View
403203 37103 CVE-2008-6986 URL:http://www.securityfocus.com/bid/31023  View
403204 37103 CVE-2008-6986 OSVDB:48347  View
403205 37103 CVE-2008-6986 URL:http://www.osvdb.org/48347  View
403206 37103 CVE-2008-6986 SECUNIA:31758  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
42074 JVNDB-2009-003081 Ezphotogallery の gallery.php における SQL インジェクションの脆弱性 Ezphotogallery の gallery.php には、SQL インジェクションの脆弱性が存在します。 CVE-2008-6990 37103 7.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003081.html  View