Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zen-cart zen cart vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-8833
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."
Zen-cart Zen Cart 1.6.0
1000
VMScore
CVE-2015-8352
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Zen-cart Zen Cart 1.5.4
1 EDB exploit
585
VMScore
CVE-2011-4403
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote malicious users to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setfl...
Zen-cart Zen Cart 1.3.9h
1 EDB exploit
383
VMScore
CVE-2011-4547
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote malicious users to inject arbitrary web script or HTML via the (1) main_page parameter or (...
Zen-cart Zen Cart 1.3.9h
668
VMScore
CVE-2004-2024
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows malicious users to gain administrative privileges via password_forgotten.php.
Zen Cart Zen Cart 1.1.4
668
VMScore
CVE-2004-2025
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote malicious users to execute arbitrary SQL commands via the products_id parameter.
Zen Cart Zen Cart 1.1.3
383
VMScore
CVE-2017-10667
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.
Zen-cart Zen Cart 1.6.0
516
VMScore
CVE-2012-5808
The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid cert...
Firstdata Linkpoint -
Zen-cart Zen Cart -
516
VMScore
CVE-2012-5806
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary ...
Zen-cart Zen Cart -
Paypal Payments Pro -
516
VMScore
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary va...
Zen-cart Zen Cart -
Paypal Instant Payment Notification -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »