CVE-2009-2254 Information
Feb 14, 2021
cve
Description
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
Reference
http://secunia.com/advisories/35550
http://www.exploit-db.com/exploits/9005
http://www.osvdb.org/55343
http://www.securityfocus.com/bid/35468
http://www.zen-cart.com/forum/attachment.php?attachmentid=5965
http://www.zen-cart.com/forum/showthread.php?t=130161
https://exchange.xforce.ibmcloud.com/vulnerabilities/51317