CVE-2006-4215

Published: Aug 17, 2006Modified: Apr 16, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter.

Affected (1)

Products: Zen Cart: Zen Cart

Zen Cart

1 product

Zen Cart

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zen Cart Zen Cart	Up to 1.3.0.2

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://secunia.com/advisories/21484

Source: cve@mitre.org

Vendor Advisory

http://www.gulftech.org/?node=research&article_id=00109-08152006

Source: cve@mitre.org

http://www.osvdb.org/28149

Source: cve@mitre.org

http://www.securityfocus.com/bid/19543

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3283

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/28394

Source: cve@mitre.org

http://secunia.com/advisories/21484