vendor:
Zen Cart
by:
SecurityFocus
8.8
CVSS
HIGH
Cross-Site Scripting and SQL Injection
79 (Cross-Site Scripting) and 89 (SQL Injection)
CWE
Product Name: Zen Cart
Affected Version From: 2008
Affected Version To: 2008
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Zen Cart Cross-Site Scripting and SQL Injection Vulnerabilities
Zen Cart is prone to a cross-site scripting vulnerability and an SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to dynamically generate SQL queries. Additionally, the application should use parameterized queries to prevent SQL injection attacks.