Lucene search

[email protected]CVE-2004-2023

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-2023

2005-05-1004:00:00

[email protected]

web.nvd.nist.gov

cve-2004-2023

sql injection

zen cart

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.

Affected configurations

NVD

Node

zen_cartzen_cartMatch1.1.2d

zen_cartzen_cartMatch1.1.4

CPENameOperatorVersion
zen_cart:zen_cartzen carteq1.1.2d
zen_cart:zen_cartzen carteq1.1.4

CPE	Name	Operator	Version
zen_cart:zen_cart	zen cart	eq	1.1.2d
zen_cart:zen_cart	zen cart	eq	1.1.4

References

marc.info/?l=bugtraq&m=108489697219781&w=2

secunia.com/advisories/11649

securitytracker.com/id?1010172

www.osvdb.org/6298

www.packetstormsecurity.org/0405-advisories/zencart112d.txt

www.securityfocus.com/archive/1/434237/30/4950/threaded

www.securityfocus.com/bid/10378

www.zen-cart.com/modules/ipb/index.php?showtopic=4835

www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD

exchange.xforce.ibmcloud.com/vulnerabilities/16176

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2004-2023

nvd1 cvelist1