[VIM] Combined Zen Cart issues

Steven M. Christey coley at mitre.org
Wed Aug 3 14:07:31 EDT 2005



References: CAN-2004-2023, CAN-2004-2024, CAN-2004-2025


While I was training a new person yesterday, I ran across some
incorrect references to vendor patches for 3 separate vulns in Zen
Cart.  It appears that there are 3 distinct issues, at least from
CVE's perspective.

Some DB's, at least Secunia and OSVDB, have included references to the
wrong vendor fix, and/or appear to have mixed two issues together.

This caused a bit of confusion before I realized what was going on,
but it was a good demonstration to the trainee of one of the tenets of
the Tao of CVE - "someone somewhere got something wrong" ;-)

CVE's reads on the correct vendor links are below.

- Steve

======================================================
Candidate: CAN-2004-2023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2023
Reference: BUGTRAQ:20040518 Zen Cart login.php SQL Injection Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108489697219781&w=2
Reference: CONFIRM:http://www.zen-cart.com/modules/ipb/index.php?showtopic=4835
Reference: CONFIRM:http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD
Reference: BID:10378
Reference: URL:http://www.securityfocus.com/bid/10378
Reference: SECTRACK:1010172
Reference: URL:http://securitytracker.com/id?1010172
Reference: SECUNIA:11649
Reference: URL:http://secunia.com/advisories/11649
Reference: XF:zencart-login-sql-injection(16176)
Reference: URL:http://xforce.iss.net/xforce/xfdb/16176

SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4
before patch 1, and possibly other versions allows remote attackers to
execute arbitrary SQL via the (1) admin_name or (2) admin_pass
parameters.


======================================================
Candidate: CAN-2004-2024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2024
Reference: CONFIRM:http://www.zen-cart.com/modules/ipb/index.php?showtopic=4873
Reference: CONFIRM:http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD

The distribution of Zen Cart 1.1.4 before patch 2 includes certain
debugging code in the Admin password retrieval functionality, which
allows attackers to gain administrative privileges via
password_forgotten.php.


======================================================
Candidate: CAN-2004-2025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2025
Reference: CONFIRM:http://www.zen-cart.com/modules/ipb/index.php?showtopic=3731
Reference: CONFIRM:http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD

SQL injection vulnerability in application_top.php for Zen Cart 1.1.3
before patch 2 may allow remote attackers to execute arbitrary SQL
commands via the products_id parameter.



