Vulnerability Details : CVE-2008-6985
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
Vulnerability category: Sql Injection
Exploit prediction scoring system (EPSS) score for CVE-2008-6985
Probability of exploitation activity in the next 30 days: 0.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-6985
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2008-6985
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-6985
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44917
- http://www.securityfocus.com/archive/1/496002/100/0/threaded
- http://www.securityfocus.com/archive/1/496032/100/100/threaded
- http://www.securityfocus.com/bid/31023
-
http://www.zen-cart.com/forum/showthread.php?p=604473
Exploit
-
http://www.gulftech.org/?node=research&article_id=00129-09042008
Exploit
Products affected by CVE-2008-6985
- cpe:2.3:a:zen-cart:zen_cart:1.2.5d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.4d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.3d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.1d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.0d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.2d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.1_patch1:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.8a:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.6d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.2:*:*:*:*:*:*:*