CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5762 – Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5762
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the findPluginAdminPage function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. • https://docs.zen-cart.com/release/whatsnew_2.0.0 https://www.zerodayinitiative.com/advisories/ZDI-24-883 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6578
https://notcve.org/view.php?id=CVE-2020-6578
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. Zen Cart versión 1.5.6d, permite un ataque de tipo XSS reflejado por medio del parámetro main_page en los archivos includes/templates/template_default/common/tpl_main_page.php o includes/templates/responsive_classic/common/tpl_main_page.php • https://herolab.usd.de/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 4CVE-2021-3291 – Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2021-3291
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. Zen Cart versión 1.5.7b, permite a administradores ejecutar comandos arbitrarios del Sistema Operativo inspeccionando un elemento de entrada de radio HTML (dentro de la página de edición de módulos) e insertando un comando • https://www.exploit-db.com/exploits/49608 https://github.com/ImHades101/CVE-2021-3291 http://packetstormsecurity.com/files/161613/Zen-Cart-1.5.7b-Remote-Code-Execution.html https://github.com/MucahitSaratar/zencart_auth_rce_poc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11675
https://notcve.org/view.php?id=CVE-2017-11675
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. La función traverseStrictSanitize en el archivo admin_dir/includes/classes/AdminRequestSanitizer.php en ZenCart versión 1.5.5e, maneja inapropiadamente las cadenas de claves, permitiendo a los usuarios autenticados remotos ejecutar código PHP arbitrario mediante la colocación de ese código en un índice de matriz no válido del parámetro matriz admin_name en el archivo admin_dir/login.php, si hay una exportación de una entrada de registro de error para ese índice de matriz no válido. • https://github.com/imp0wd3r/vuln-papers/tree/master/zencart-155e-auth-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10667
https://notcve.org/view.php?id=CVE-2017-10667
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. En index.php en Zen Cart 1.6.0, el parámetro products_id puede provocar Cross-Site Scripting (XSS). RSA Via Lifecycle and Governance versión 7.0, en todos los niveles de parches y RSA Identity Management and Governance (RSA IMG) versiones 6.9.1, en todos los niveles de parches, permiten que un administrador de aplicación suba archivos arbitrarios que podrían contener código malicioso. El archivo malicioso podría ejecutarse en el sistema afectado con los privilegios del usuario que está ejecutando la aplicación. • https://github.com/zencart/zencart/issues/1443 https://github.com/zhonghaozhao/zencart/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •