
CVE-2021-3291

Published: 26/01/2021 Updated: 09/03/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

Vulnerability Trend

Vulnerable Product

Vendor: zen-cart | Product: zen cart | Version: 1.5.7b

Github Repositories

rebuild cve
CVE-2021-3291

zencart_auth_rce_poc
CVE-2021-3291
1) log in as admin
2) go to any module's edit page
3) inspect element on any "true" radio box
4) change true to true','MODULE_ORDER_TOTAL_TOTAL_STATUS'); echo `id`; //
5) click update
6) to trigger the command, open the edit page again
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3291
(Screenshot: POC exploiting)