2 results (0.004 seconds)

CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 4

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. Zen Cart versión 1.5.7b, permite a administradores ejecutar comandos arbitrarios del Sistema Operativo inspeccionando un elemento de entrada de radio HTML (dentro de la página de edición de módulos) e insertando un comando • https://www.exploit-db.com/exploits/49608 https://github.com/ImHades101/CVE-2021-3291 http://packetstormsecurity.com/files/161613/Zen-Cart-1.5.7b-Remote-Code-Execution.html https://github.com/MucahitSaratar/zencart_auth_rce_poc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 2.6EPSS: 0%CPEs: 25EXPL: 0

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en zc_install/includes/modules/pages/database_setup/header_php.php en Zen Cart 1.5.0 y anteriores cuando el software está siendo instalado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de db_username zc_install / index.php. • https://www.trustwave.com/spiderlabs/advisories/TWSL2012-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •