Zen-cart / Zen Cart

8 matches found

CVE
added 2009/12/14 11:30 p.m., 58 views

CVE-2009-4321

extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.

CVSS 5 | AI score 6.6 | EPSS 0.00819

CVE
added 2009/12/14 11:30 p.m., 51 views

CVE-2009-4322

extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

CVSS 5 | AI score 6.1 | EPSS 0.00283

CVE
added 2005/12/05 12:3 a.m., 48 views

CVE-2005-3996

SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.

CVSS 5.1 | AI score 8.4 | EPSS 0.01733

CVE
added 2015/04/24 2:59 p.m., 44 views

CVE-2011-4403

Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.p...

CVSS 5.8 | AI score 7.4 | EPSS 0.00393

CVE
added 2012/11/04 10:55 p.m., 42 views

CVE-2012-5806

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to ...

CVSS 5.8 | AI score 6.7 | EPSS 0.00134

CVE
added 2012/11/04 10:55 p.m., 41 views

CVE-2012-5805

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different v...

CVSS 5.8 | AI score 6.6 | EPSS 0.00134

CVE
added 2012/11/04 10:55 p.m., 40 views

CVE-2012-5807

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 5.8 | AI score 6.7 | EPSS 0.00134

CVE
added 2012/11/04 10:55 p.m., 36 views

CVE-2012-5808

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 5.8 | AI score 6.7 | EPSS 0.00134