Filtered by vendor Zen-cart
Subscribe
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4323 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 7.5 HIGH | N/A |
| The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322. | |||||
| CVE-2009-4321 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 5.0 MEDIUM | N/A |
| extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2005-3996 | 1 Zen-cart | 1 Zen Cart | 2025-04-03 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | |||||
| CVE-2006-0697 | 1 Zen-cart | 1 Zen Cart | 2025-04-03 | 10.0 HIGH | N/A |
| Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests. | |||||
| CVE-2021-3291 | 1 Zen-cart | 1 Zen Cart | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. | |||||
| CVE-2020-6578 | 1 Zen-cart | 1 Zen Cart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. | |||||
| CVE-2024-5762 | 1 Zen-cart | 1 Zen Cart | 2024-08-23 | N/A | 8.1 HIGH |
| Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the findPluginAdminPage function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-21408. | |||||