*BOGUS* PacketStorm SQL Vulnerability Report Dated 01/05/2008
On May 1, 2008, a report was posted on PacketStorm about an alleged SQL Injection threat against "2008 Zen Cart".
THE REPORT IS NOT ACCURATE. THE DESCRIBED ISSUE IS NOT AN SQL INJECTION RISK.
I have been testing the alleged PacketStorm vulnerability on 1.3.8 and I believe it is bogus.
Of the 4 test scenarios, only 1 produces an SQL error. However, that error is not caused by an SQL injection, but by a weakness in the way the advanced search code builds its SQL.
So while I would class it as a bug, I would not class it as an SQL injection.
Content and Graphics Copyright (c) 2003 - 2013 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC