Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zen Cart 'shopping_cart.php' SQL注入漏洞
Vulnerability Description
Zen Cart是开源、免费的商城系统,用于建立专业的网上商店。 Zen Cart 1.3.0到1.3.8a版本中的includes/classes/shopping_cart.php里的actionMultipleAddProduct函数存在SQL注入漏洞。当magic_quotes_gpc被中止时,远程攻击者可以借助多个_产品_添加_产品操作中的产品-id数组参数,执行任意的SQL指令。该漏洞不同于CVE-2008-6985。
CVSS Information
N/A
Vulnerability Type
N/A