CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3757
https://notcve.org/view.php?id=CVE-2006-3757
index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability. index.php en Zen Cart 1.3.0.2 permite a atacantes remotos obtener información sensible a través de parámetros de array vacios (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], o (5) _SESSION[], los cuales revelan la ruta de instalación en un mensaje de error. NOTA: Este asunto sería el resultado de una vulnerabilidad global sobre-escrita. • http://securityreason.com/securityalert/1253 http://www.securityfocus.com/archive/1/438805/100/200/threaded •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2006-0696
https://notcve.org/view.php?id=CVE-2006-0696
SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://secunia.com/advisories/18801 http://sourceforge.net/project/shownotes.php?release_id=392886 http://www.osvdb.org/23110 http://www.vupen.com/english/advisories/2006/0546 https://exchange.xforce.ibmcloud.com/vulnerabilities/24701 •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2006-0697
https://notcve.org/view.php?id=CVE-2006-0697
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests. • http://secunia.com/advisories/18801 http://sourceforge.net/project/shownotes.php?release_id=392886 http://www.vupen.com/english/advisories/2006/0546 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2006-0698
https://notcve.org/view.php?id=CVE-2006-0698
Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. • http://secunia.com/advisories/18801 http://sourceforge.net/project/shownotes.php?release_id=392886 http://www.vupen.com/english/advisories/2006/0546 https://exchange.xforce.ibmcloud.com/vulnerabilities/24701 •
CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 3CVE-2005-3996 – Zen Cart 1.2.6d - 'password_forgotten.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3996
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. • https://www.exploit-db.com/exploits/1354 http://rgod.altervista.org/zencart_126d_xpl.html http://secunia.com/advisories/17869 http://securitytracker.com/id?1015306 http://www.osvdb.org/21411 http://www.securityfocus.com/archive/1/418517/100/0/threaded http://www.securityfocus.com/archive/1/418995/100/0/threaded http://www.securityfocus.com/bid/15690 http://www.vupen.com/english/advisories/2005/2728 https://exchange.xforce.ibmcloud.com/vulnerabilities/23510 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •