PT-2006-5032 · Zen Cart · Zen Cart
Published: 2006-08-17 · Updated: 2017-07-20
CVE-2006-4214
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Zen Cart versions 1.3.0.2 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands, potentially modifying session elements. This can be achieved through various means, including:
- the ipn_get_stored_session function in ipn_main_handler.php via GPC data,
- a session id within a cookie to whos_online_session_recreate,
- the quantity field to the add_cart function,
- an id[] parameter when adding an item to a shopping cart,
- a redemption code when checking out via the dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php.
Remote authenticated users can also exploit this issue.
Recommendations
For Zen Cart versions 1.3.0.2 and earlier, consider disabling the ipn_get_stored_session function and restricting access to the whos_online_session_recreate function, add_cart function, and ot_coupon.php module until a patch is available.
Avoid using the quantity field and id[] parameter in the affected functions, and restrict the use of the dc_redeem_code parameter in the checkout process.
Update to a version later than 1.3.0.2 to resolve the issue.
Fix
RCE
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Zen Cart