CVE-2015-2183

Name of the Vulnerable Software and Affected Versions ZeusCart version 4

Description The issue concerns SQL injection vulnerabilities in the administrative backend. These vulnerabilities allow remote administrators to execute arbitrary SQL commands. This can be achieved through the id parameter in either a disporders detail or subadminmgt edit action, or the cid parameter in an editcurrency action to admin/.

Recommendations For ZeusCart version 4, avoid using the id parameter in disporders detail or subadminmgt edit actions and the cid parameter in editcurrency actions to admin/ until a fix is available. As a temporary workaround, consider restricting access to these parameters to minimize the risk of exploitation.