Zen-cart

Zen Cart

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-9103

Exploit
  • EPSS 0.04%
  • Veröffentlicht 18.08.2025 03:02:06
  • Zuletzt bearbeitet 18.08.2025 20:16:28

A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed t...

8.1

CVE-2024-5762

  • EPSS 6.92%
  • Veröffentlicht 21.08.2024 17:15:08
  • Zuletzt bearbeitet 23.08.2024 16:43:19

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerab...

6.1

CVE-2020-6578

Exploit
  • EPSS 0.24%
  • Veröffentlicht 19.03.2021 04:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:59

Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.

9

CVE-2021-3291

Exploit
  • EPSS 38.66%
  • Veröffentlicht 26.01.2021 18:16:29
  • Zuletzt bearbeitet 21.11.2024 06:21:13

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

10

CVE-2015-8352

Exploit
  • EPSS 38.49%
  • Veröffentlicht 24.08.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

8.8

CVE-2017-11675

  • EPSS 0.72%
  • Veröffentlicht 27.07.2017 06:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array ind...

6.1

CVE-2017-10667

  • EPSS 0.22%
  • Veröffentlicht 29.06.2017 00:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.

6.1

CVE-2017-8833

Exploit
  • EPSS 0.24%
  • Veröffentlicht 08.05.2017 06:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."

5.8

CVE-2011-4403

Exploit
  • EPSS 0.39%
  • Veröffentlicht 24.04.2015 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disab...

4.3

CVE-2015-0882

  • EPSS 0.44%
  • Veröffentlicht 27.02.2015 02:59:35
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to...