Description

SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.

Remediation

References

CVE-2005-3996

Related Vulnerabilities

MongoDb Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-20326)

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-9490)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Multiple Cross-Site Scripting Vulnerabilities (5.173)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21)

WordPress Plugin PayPal Digital Downloads Cross-Site Request Forgery (1.4)

Severity

Medium

Classification

CVE-2005-3996 CWE-138

Tags

Missing Update Known Vulnerabilities