Description
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Media Share Buttons & Social Sharing Icons Security Bypass (1.5.1)
Apache Tomcat Improper Authentication Vulnerability (CVE-2012-5887)
WordPress Plugin Slider by 10Web-Responsive Image Slider Cross-Site Request Forgery (1.2.22)
MySQL CVE-2018-2766 Vulnerability (CVE-2018-2766)
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41699)