CVE-2017-11675

ZenCart 1.5.5e contains a vulnerability in traverseStrictSanitize within admin_dir/includes/classes/AdminRequestSanitizer.php. The sanitizer mishandles key strings, enabling remote authenticated users to execute arbitrary PHP code by injecting code into an invalid array index of the admin_name pa...