Zen Cart Security Vulnerabilities and Issues — Zen Cart CVE List

Lucene search

Zen-cartZen Cart

4 matches found

CVE•added 2017/08/24 9:29 p.m.•55 views

CVE-2015-8352

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

10CVSS9.2AI score0.38492EPSS

CVE•added 2017/07/27 6:29 a.m.•54 views

CVE-2017-11675

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir...

8.8CVSS8.8AI score0.00717EPSS

CVE•added 2017/06/29 12:29 a.m.•49 views

CVE-2017-10667

In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.

6.1CVSS6.2AI score0.00223EPSS

CVE•added 2017/05/08 6:29 a.m.•40 views

CVE-2017-8833

Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."

6.1CVSS6AI score0.0024EPSS