7.5

CVE-2004-2023

SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zen CartZen Cart Version1.1.2d
Zen CartZen Cart Version1.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.81% 0.758
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=108489697219781&w=2
http://secunia.com/advisories/11649
Patch
http://securitytracker.com/id?1010172
http://www.osvdb.org/6298
http://www.packetstormsecurity.org/0405-advisories/zencart112d.txt
http://www.securityfocus.com/archive/1/434237/30/4950/threaded
http://www.securityfocus.com/bid/10378
http://www.zen-cart.com/modules/ipb/index.php?showtopic=4835
Vendor Advisory
http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16176