Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zen-cart zen cart - vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2015-8352
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Zen-cart Zen Cart 1.5.4
1 EDB exploit
890
VMScore
CVE-2006-0697
Zen Cart prior to 1.2.7 does not protect the admin/includes directory, which allows remote malicious users to cause unknown impact via unspecified vectors, probably direct requests.
Zen-cart Zen Cart
Zen-cart Zen Cart 1.2.5d
Zen-cart Zen Cart 1.2.4d
Zen-cart Zen Cart 1.2.3d
Zen-cart Zen Cart 1.2.1d
Zen-cart Zen Cart 1.2.1
Zen-cart Zen Cart 1.2.0d
Zen-cart Zen Cart 1.1.3
Zen-cart Zen Cart 1.1.0
Zen-cart Zen Cart 1.2.4.1
Zen-cart Zen Cart 1.2.2d
890
VMScore
CVE-2006-0698
Unspecified vulnerabilities in Zen Cart prior to 1.2.7 allow remote malicious users to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.
Zen Cart Zen Cart 1.1.0
Zen Cart Zen Cart 1.2.2d
Zen Cart Zen Cart 1.2.3d
Zen Cart Zen Cart 1.1.1d
Zen Cart Zen Cart 1.1.2d
Zen Cart Zen Cart 1.2.4.1
Zen Cart Zen Cart 1.2.4d
Zen Cart Zen Cart 1.1.3d
Zen Cart Zen Cart 1.1.4d
Zen Cart Zen Cart 1.2.5d
Zen Cart Zen Cart 1.2.6d
Zen Cart Zen Cart 1.2.0d
Zen Cart Zen Cart 1.2.1 Patch1
Zen Cart Zen Cart 1.2.1d
802
VMScore
CVE-2021-3291
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
Zen-cart Zen Cart 1.5.7b
2 Github repositories
756
VMScore
CVE-2007-3597
Session fixation vulnerability in Zen Cart 1.3.7 and previous versions allows remote malicious users to hijack web sessions by setting the Cookie parameter.
Zen Cart Zen Cart
755
VMScore
CVE-2009-2254
Zen Cart 1.3.8a, 1.3.8, and previous versions does not require administrative authentication for admin/sqlpatch.php, which allows remote malicious users to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of passw...
Zen-cart Zen Cart 1.3.6
Zen-cart Zen Cart 1.2.4d
Zen-cart Zen Cart 1.1.3
Zen-cart Zen Cart 1.1.0
Zen-cart Zen Cart 1.2.1d
Zen-cart Zen Cart 1.2.0d
Zen-cart Zen Cart 1.3.7
Zen-cart Zen Cart
Zen-cart Zen Cart 1.3.8
1 EDB exploit
755
VMScore
CVE-2008-6615
SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote malicious users to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solel...
Zen-cart Zen Cart 2008
1 EDB exploit
685
VMScore
CVE-2008-6985
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 up to and including 1.3.8a, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the sh...
Zen-cart Zen Cart 1.2.4.1
Zen-cart Zen Cart 1.2.1d
Zen-cart Zen Cart 1.3
Zen-cart Zen Cart 1.2.1 Patch1
Zen-cart Zen Cart 1.2.4d
Zen-cart Zen Cart 1.2.3d
Zen-cart Zen Cart 1.3.5
Zen-cart Zen Cart 1.3.8a
Zen-cart Zen Cart 1.2.2d
Zen-cart Zen Cart 1.2.0d
Zen-cart Zen Cart 1.3.7
Zen-cart Zen Cart 1.3.6
Zen-cart Zen Cart 1.2.6d
Zen-cart Zen Cart 1.2.5d
Zen-cart Zen Cart 1.3.8
Zen-cart Zen Cart 1.3.2
1 EDB exploit
685
VMScore
CVE-2009-2255
Zen Cart 1.3.8a, 1.3.8, and previous versions does not require administrative authentication for admin/record_company.php, which allows remote malicious users to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO...
Zen-cart Zen Cart 1.2.4d
Zen-cart Zen Cart 1.2.1d
Zen-cart Zen Cart 1.2.0d
Zen-cart Zen Cart
Zen-cart Zen Cart 1.3.8
Zen-cart Zen Cart 1.1.3
Zen-cart Zen Cart 1.1.0
Zen-cart Zen Cart 1.3.7
Zen-cart Zen Cart 1.3.6
1 EDB exploit
668
VMScore
CVE-2020-6577
The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.
It-recht-kanzlei It-recht-kanzlei 1.5.6c
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »