Intrusion PreventionZenCart.Password.Forgotten.SQL.Injection
Description
SQL injection vulnerability in admin/password_forgotten.php, in Zen Cart 1.2.6d and earlier, allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.
Affected Products
Zen Cart Web Shopping Cart 1.2.6 d
Zen Cart Web Shopping Cart 1.1.2 d
Not Vulnerable: Zen Cart Web Shopping Cart 1.2.7
Impact
Execute arbitrary SQL commands
Recommended Actions
The vendor has released an update to address this issue.
Zen Cart Web Shopping Cart 1.1.2 d
Zen Cart zen-cart-1-2-7-d_full-release.zip
http://prdownloads.sourceforge.net/zencart/zen-cart-1-2-7-d_full-relea se.zip
ZenCart sql_injection_fix.zip
http://www.zen-cart.com/modules/mydownloads/
Zen Cart Web Shopping Cart 1.2.6 d
Zen Cart zen-cart-1-2-7-d_full-release.zip
http://prdownloads.sourceforge.net/zencart/zen-cart-1-2-7-d_full-relea se.zip
ZenCart sql_injection_fix.zip
http://www.zen-cart.com/modules/mydownloads/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-12-11 | 16.978 |
| ID | 13797 |
| Created | Jan 17, 2007 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2005-3996 |
| Exploit Prediction Score | 1.29% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |