CVE-2008-6985

2009-08-19T05:24:00
ID CVE-2008-6985
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T20:57:00

Description

Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.