Zen Cart application_top.php products_id Parameter SQL Injection
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Zen Cart contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'application_top.php' script not properly sanitizing the 'products_id' variable, which may allow a remote attacker to inject or manipulate SQL queries.
Currently, there are no known workarounds or upgrades to correct this issue. However, Ian C. Wilson has released a patch to address this vulnerability.