CVE-2005-3997
- EPSS 0.99%
- Published 05.12.2005 00:03:00
- Last modified 03.04.2025 01:03:51
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php,...
CVE-2004-2023
- EPSS 1.31%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.
CVE-2004-2024
- EPSS 0.47%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
CVE-2004-2025
- EPSS 0.43%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.