Unrated severity · NVD Advisory · Published Aug 19, 2009 · Updated Jun 16, 2026
CVE-2008-6985
Description
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
Affected products
- cpe:2.3:a:zen-cart:zen_cart:1.2.0d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.1d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.1_patch1:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.2d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.3d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.4d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.5d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.2.6d:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.8a:*:*:*:*:*:*:*
- (no CPE) range: 1.2.0 through 1.3.8a
References
- www.gulftech.org (nvd, Exploit)
- www.zen-cart.com/forum/showthread.php (nvd, Exploit)
- secunia.com/advisories/31758 (nvd, Vendor Advisory)
- www.osvdb.org/48346 (nvd)
- www.securityfocus.com/archive/1/496002/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/496032/100/100/threaded (nvd)
- www.securityfocus.com/bid/31023 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/44917 (nvd)