[VIM] Combined Zen Cart issues

security curmudgeon jericho at attrition.org
Mon Aug 22 06:16:44 EDT 2005


: ======================================================
: Candidate: CAN-2004-2023
: URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2023
: Reference: BUGTRAQ:20040518 Zen Cart login.php SQL Injection Vulnerability
: Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=108489697219781&w=2
: Reference: CONFIRM:http://www.zen-cart.com/modules/ipb/index.php?showtopic=4835
: Reference: CONFIRM:http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD
: Reference: BID:10378
: Reference: URL:http://www.securityfocus.com/bid/10378
: Reference: SECTRACK:1010172
: Reference: URL:http://securitytracker.com/id?1010172
: Reference: SECUNIA:11649
: Reference: URL:http://secunia.com/advisories/11649
: Reference: XF:zencart-login-sql-injection(16176)
: Reference: URL:http://xforce.iss.net/xforce/xfdb/16176
: 
: SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4
: before patch 1, and possibly other versions allows remote attackers to
: execute arbitrary SQL via the (1) admin_name or (2) admin_pass
: parameters.

Oops, we did have:

http://osvdb.org/6298
Zen Cart login.php Multiple Variable SQL Injection

We did link to '3731' which is the wrong issue, fixing that!

thanks =)

.b

