2 matches found
CVE-2017-11675
The traverseStrictSanitize function in admindir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the adminname array parameter to...
CVE-2017-11675
ZenCart 1.5.5e contains a vulnerability in traverseStrictSanitize within admin_dir/includes/classes/AdminRequestSanitizer.php. The sanitizer mishandles key strings, enabling remote authenticated users to execute arbitrary PHP code by injecting code into an invalid array index of the admin_name pa...