Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zen-cart zen cart - vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-6578
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
Zen-cart Zen Cart 1.5.6d
7.5
CVSSv2
CVE-2020-6577
The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.
It-recht-kanzlei It-recht-kanzlei 1.5.6c
9
CVSSv2
CVE-2021-3291
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
Zen-cart Zen Cart 1.5.7b
2 Github repositories
10
CVSSv2
CVE-2015-8352
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Zen-cart Zen Cart 1.5.4
1 EDB exploit
6.5
CVSSv2
CVE-2017-11675
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array par...
Zen-cart Zen Cart 1.5.5e
4.3
CVSSv2
CVE-2017-10667
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.
Zen-cart Zen Cart 1.6.0
4.3
CVSSv2
CVE-2017-8833
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."
Zen-cart Zen Cart 1.6.0
5.8
CVSSv2
CVE-2011-4403
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote malicious users to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setfl...
Zen-cart Zen Cart 1.3.9h
1 EDB exploit
4.3
CVSSv2
CVE-2015-0882
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp up to and including 1.3.0.2 jp8 and 1.5 ja up to and including 1.5.1 ja allow remote malicious users to inject arbitrary web script or HTML via a crafted parameter, related to...
Zen-cart Zen Cart 1.5.0
Zen-cart Zen Cart 1.3.0.0
Zen-cart Zen Cart 1.3.0.1
Zen-cart Zen Cart 1.3.0.2
Zen-cart Zen Cart 1.5.1
5.8
CVSSv2
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary va...
Zen-cart Zen Cart -
Paypal Instant Payment Notification -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »