CVE-2006-4214
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2006-4214
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Zen Cart多个SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zen Cart 1.3.0.2及早期中存在多个SQL注入漏洞,远程攻击者可借助:(1) 提交到ipn_main_handler.php脚本的ipn_get_stored_session函数中的GPC数据 ,促使修改$_SESSION元素,从而执行任意SQL指令;且远程认证用户可借助:(2) whos_online_session_recreate的cookie内的会话id,(3) add_cart函数的quantity字段,(4) 在增加一项到购物车时的id[]参数,或 (5) 结帐时的redempti
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2006-4214
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2006-4214
请登录查看更多情报信息。
- http://www.gulftech.org/?node=research&article_id=00109-08152006x_refsource_MISC
- http://www.zen-cart.com/forum/showthread.php?t=43579x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2006-4214
Same Patch Batch · n/a · 2006-08-17 · 42 CVEs total
| CVE-2006-4210 | phPay 'Nu_mail.inc.PHP'开放邮件中继漏洞 | |
| CVE-2006-4200 | 04WebServer 请求处理相关未明安全绕过漏洞 | |
| CVE-2006-4201 | HP OpenView Storage Data Protector 备份代理和主备份软件远程任意指令执行漏洞 | |
| CVE-2006-4202 | Spidey Blog Script 'proje_goster.php' PID参数SQL注入漏洞 | |
| CVE-2006-4203 | Mambo Email Publisher 'Help.MMP.PHP'远程文件包含漏洞 | |
| CVE-2006-4204 | PHProjekt多个远程文件包含漏洞 | |
| CVE-2006-4205 | WebDynamite ProjectButler RootDIR参数多个远程文件包含漏洞 | |
| CVE-2006-4206 | ASPPlayGround.NET Forum 'Calendar.ASP'跨站脚本攻击漏洞 | |
| CVE-2006-4207 | Bob Jewell Discloser多个PHP远程文件包含漏洞 | |
| CVE-2006-4208 | WP-DB Backup Wordpress 'wp-db-backup.php'目录遍历漏洞 | |
| CVE-2006-4209 | WEBInsta Mailing List Manager 'install3.php'PHP远程文件包含漏洞 | |
| CVE-2006-4199 | Soft3304 04WebServer 错误页面跨站脚本攻击(XSS)漏洞 | |
| CVE-2006-4211 | Owl Intranet Engine多个漏洞 | |
| CVE-2006-4212 | b0zz和Chris Vincent Owl Intranet Engine 未明SQL注入漏洞 | |
| CVE-2006-4213 | David Kent Norman Thatware 'config.php'PHP远程文件包含漏洞 | |
| CVE-2006-4215 | Zen Cart 'index.php'HP远程文件包含漏洞 | |
| CVE-2002-2216 | Soft3304 04WebServer获得敏感信息漏洞 | |
| CVE-2004-2661 | Soft3304 04WebServer信息泄漏漏洞 | |
| CVE-2004-2662 | Soft3304 04WebServer线程终止但是继续占有资源漏洞 | |
| CVE-2006-4217 | WEBInsta CMS 'users.php'PHP远程文件包含漏洞 |
Showing top 20 of 42 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2006-4214
No comments yet