CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-6986

SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.1%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2008-6986

Zen-Cart » Zen Cart » Version: 1.3

cpe:2.3:a:zen-cart:zen_cart:1.3
Zen-Cart » Zen Cart » Version: 1.3.0.2

cpe:2.3:a:zen-cart:zen_cart:1.3.0.2
Zen-Cart » Zen Cart » Version: 1.3.2

cpe:2.3:a:zen-cart:zen_cart:1.3.2
Zen-Cart » Zen Cart » Version: 1.3.5

cpe:2.3:a:zen-cart:zen_cart:1.3.5
Zen-Cart » Zen Cart » Version: 1.3.6

cpe:2.3:a:zen-cart:zen_cart:1.3.6
Zen-Cart » Zen Cart » Version: 1.3.7

cpe:2.3:a:zen-cart:zen_cart:1.3.7
Zen-Cart » Zen Cart » Version: 1.3.8

cpe:2.3:a:zen-cart:zen_cart:1.3.8
Zen-Cart » Zen Cart » Version: 1.3.8a

cpe:2.3:a:zen-cart:zen_cart:1.3.8a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-6986

Products

Pricing

Contact Us