PT-2006-5032 · Zen Cart · Zen Cart

Published: 2006-08-17 · Updated: 2017-07-20 · CVE-2006-4214

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Zen Cart versions 1.3.0.2 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands, potentially modifying session elements. This can be achieved through various means, including:
  • the ipn_get_stored_session function in ipn_main_handler.php via GPC data,
  • a session id within a cookie to whos_online_session_recreate,
  • the quantity field to the add_cart function,
  • an id[] parameter when adding an item to a shopping cart,
  • a redemption code when checking out via the dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php.
Remote authenticated users can also exploit this issue.
Recommendations
For Zen Cart versions 1.3.0.2 and earlier, consider disabling the ipn_get_stored_session function and restricting access to the whos_online_session_recreate function, add_cart function, and ot_coupon.php module until a patch is available. Avoid using the quantity field and id[] parameter in the affected functions, and restrict the use of the dc_redeem_code parameter in the checkout process. Update to a version later than 1.3.0.2 to resolve the issue.

Fix

RCE

SQL injection

Related Identifiers

CVE-2006-4214

Affected Products

Zen Cart