Zen Cart

Zen Cart

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2008-6877

Exploit
  • EPSS 0.34%
  • Veröffentlicht 27.07.2009 14:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. N...

6.8

CVE-2008-6878

Exploit
  • EPSS 0.34%
  • Veröffentlicht 27.07.2009 14:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION...

8.5

CVE-2007-3597

  • EPSS 1.23%
  • Veröffentlicht 06.07.2007 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.

4

CVE-2006-5119

Exploit
  • EPSS 0.75%
  • Veröffentlicht 03.10.2006 04:03:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) adm...

7.5

CVE-2006-4218

Exploit
  • EPSS 1.4%
  • Veröffentlicht 17.08.2006 23:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter.

7.5

CVE-2006-4214

  • EPSS 1.3%
  • Veröffentlicht 17.08.2006 21:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements...

5.1

CVE-2006-4215

  • EPSS 4.2%
  • Veröffentlicht 17.08.2006 21:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter.

5

CVE-2006-3757

  • EPSS 0.35%
  • Veröffentlicht 21.07.2006 14:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE...

7.5

CVE-2006-0696

  • EPSS 0.62%
  • Veröffentlicht 15.02.2006 11:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

10

CVE-2006-0698

  • EPSS 0.5%
  • Veröffentlicht 15.02.2006 11:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.