SQL Injection Vulnerability in Zeus Cart by Zeus Technology
CVE-2009-4940

Currently unrated

Key Information:

Vendor: Zeuscart
Status: Zeuscart
Vendor: CVE Published:; 22 July 2010

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-4940?

An SQL injection vulnerability exists in the index.php file of Zeus Cart 2.3 and prior versions. Attackers can exploit this weakness by manipulating the maincatid parameter in a showmaincatlanding action, which may lead to unauthorized execution of SQL commands. This exposes the application to potential data breaches and loss of data integrity, highlighting the need for robust input validation and security measures.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-4940 - Proof of Concept

References

http://www.exploit-db.com/exploits/8829

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 22, 2010
👾
Exploit known to exist
Jul 22, 2010
Vulnerability published
Jul 22, 2010
Vulnerability Reserved
Jul 21, 2010

CVE-2009-4940 Data

JSON

Zeuscart

Badges

What is CVE-2009-4940?

Exploit Proof of Concept (PoC)

References

Timeline