6 matches found
EUVD-2012-5688
Malware in sbrugna...
CVE-2021-3291
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...
GHSA-38F9-4VHQ-9CR8 Zen Cart vulnerable to authenticated remote code execution
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...
RCE in Zen Cart via Arbitrary File Inclusion
High-Tech Bridge Security Research Lab discovered critical vulnerability in a popular e-commerce software Zen Cart, which can be exploited by remote non-authenticated attackers to compromise vulnerable system. A remote unauthenticated attacker might be able to execute arbitrary PHP code on the...
CVE-2009-2254
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the querystring parameter in an execute action, in conjunction with a PATHINFO of passwordforgotten.php, related to a "SQL...
CVE-2009-2255
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/recordcompany.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the recordcompanyimage parameter in conjunction with a PATHINFO of passwordforgotten.php, then...