PT-2021-12495 · Unknown+1 · It-Recht Kanzlei+1
Gerbert Roitburd +1 · Published 2021-03-19 · Updated 2021-03-25 · CVE-2020-6577
| CVSS v3.1 | 9.8 Critical |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Zen Cart version 1.5.6c

Description:
The issue concerns a SQL Injection vulnerability in the IT-Recht Kanzlei plugin. Specifically, the itrk-api.php endpoint is affected, allowing SQL Injection through the rechtstext language parameter.

Recommendations:
For Zen Cart version 1.5.6c, consider disabling the IT-Recht Kanzlei plugin until a patch is available to prevent exploitation of the SQL Injection vulnerability in the itrk-api.php endpoint. Restrict access to the itrk-api.php endpoint to minimize the risk of exploitation. Avoid using the rechtstext language parameter in the affected endpoint until the issue is resolved.

Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
It-Recht Kanzlei
Zen Cart