CVE-2006-4214 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zen Cart	Zen Cart

Configuration 1 [-]

cpe:2.3:a:zen_cart:zen_cart:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/21484
http://www.gulftech.org/?node=research&article_id=00109-08152006
http://www.osvdb.org/28144
http://www.osvdb.org/28145
http://www.osvdb.org/28146
http://www.osvdb.org/28147
http://www.osvdb.org/28148
http://www.securityfocus.com/bid/19542
http://www.vupen.com/english/advisories/2006/3283
http://www.zen-cart.com/forum/showthread.php?t=43579
https://exchange.xforce.ibmcloud.com/vulnerabilities/28393

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-17T21:00:00

Updated: 2024-08-07T18:57:46.434Z

Reserved: 2006-08-17T00:00:00

Link: CVE-2006-4214

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-08-17T21:04:00.000

Modified: 2024-11-21T00:15:24.583

Link: CVE-2006-4214

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28144", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28144"}, {"name": "ADV-2006-3283", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3283"}, {"name": "zencart-multiple-scripts-sql-injection(28393)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28393"}, {"name": "28145", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28145"}, {"name": "19542", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19542"}, {"name": "28148", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28148"}, {"name": "28147", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28147"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gulftech.org/?node=research&article_id=00109-08152006"}, {"name": "21484", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21484"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.zen-cart.com/forum/showthread.php?t=43579"}, {"name": "28146", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28146"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4214", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28144", "refsource": "OSVDB", "url": "http://www.osvdb.org/28144"}, {"name": "ADV-2006-3283", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3283"}, {"name": "zencart-multiple-scripts-sql-injection(28393)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28393"}, {"name": "28145", "refsource": "OSVDB", "url": "http://www.osvdb.org/28145"}, {"name": "19542", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19542"}, {"name": "28148", "refsource": "OSVDB", "url": "http://www.osvdb.org/28148"}, {"name": "28147", "refsource": "OSVDB", "url": "http://www.osvdb.org/28147"}, {"name": "http://www.gulftech.org/?node=research&article_id=00109-08152006", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research&article_id=00109-08152006"}, {"name": "21484", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21484"}, {"name": "http://www.zen-cart.com/forum/showthread.php?t=43579", "refsource": "CONFIRM", "url": "http://www.zen-cart.com/forum/showthread.php?t=43579"}, {"name": "28146", "refsource": "OSVDB", "url": "http://www.osvdb.org/28146"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:57:46.434Z"}, "title": "CVE Program Container", "references": [{"name": "28144", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28144"}, {"name": "ADV-2006-3283", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3283"}, {"name": "zencart-multiple-scripts-sql-injection(28393)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28393"}, {"name": "28145", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28145"}, {"name": "19542", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19542"}, {"name": "28148", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28148"}, {"name": "28147", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28147"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gulftech.org/?node=research&article_id=00109-08152006"}, {"name": "21484", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21484"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.zen-cart.com/forum/showthread.php?t=43579"}, {"name": "28146", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28146"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4214", "datePublished": "2006-08-17T21:00:00", "dateReserved": "2006-08-17T00:00:00", "dateUpdated": "2024-08-07T18:57:46.434Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zen_cart:zen_cart:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2E7957-ABB7-4E1B-B08D-1FE1FA5EDBCD", "versionEndIncluding": "1.3.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php)."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Zen Cart 1.3.0.2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante (1) datos GPC en la funci\u00f3n ipn_get_stored_session en ipn_main_handler.php, lo cual puede ser aprovechado para modificar elementos de $_SESSION; y permite a usuarios autenticados remotamente ejecutar comandos SQL de su elecci\u00f3n mediante (2) un identificador de sesi\u00f3n dentro de una cookie para whos_online_session_recreate, (3) el campo quantity para la funci\u00f3n add_cart, (4) un par\u00e1metro id[] cuando se a\u00f1ade un producto a un carrito de la compra, o (5) un c\u00f3digo de amortizaci\u00f3n cuando se est\u00e1 confirmando la compra (el par\u00e1metro dc_redeem_code en el includes/modules/order_total/ot_coupon.php)."}], "id": "CVE-2006-4214", "lastModified": "2024-11-21T00:15:24.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-17T21:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21484"}, {"source": "cve@mitre.org", "url": "http://www.gulftech.org/?node=research&article_id=00109-08152006"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28144"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28145"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28146"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28147"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28148"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19542"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3283"}, {"source": "cve@mitre.org", "url": "http://www.zen-cart.com/forum/showthread.php?t=43579"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gulftech.org/?node=research&article_id=00109-08152006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28147"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19542"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zen-cart.com/forum/showthread.php?t=43579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28393"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}