Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2005-3996
Last Modified 08 Aug 2011 12:00:00
Published 04 Dec 2005 07:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3996

Summary

SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.

Vulnerable Systems

Application

  • Zen-cart Zen Cart 1.2.6d


References

XF - forgotten-sql-injection(23510)

VUPEN - ADV-2005-2728

BID - 15690

BUGTRAQ - 20051205 = 1.2.6d blind SQL injection / remote commands execution:

BUGTRAQ - 20051202 Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:

OSVDB - 21411

SECTRACK - 1015306

SECUNIA - 17869

MISC - http://rgod.altervista.org/zencart_126d_xpl.html


Last Updated: 27 May 2016 10:41:08