CVE-2008-6985

2009-08-19T01:24:52
ID CVE-2008-6985
Type cve
Reporter NVD
Modified 2018-10-11T16:57:55

Description

Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.