CVE-2006-4214
Zen Cart 1.3.0.2 and earlier contains multiple SQL injection vulnerabilities. The flaws are exploitable via: (1) GPC data to ipn_get_stored_session in ipn_main_handler.php (can modify $_SESSION), (2) session id in a cookie to whos_online_session_recreate, (3) quantity in add_cart, (4) id[] when a...