Zen-cart

Zen Cart

28 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-9103

Exploit
  • EPSS 0.04%
  • Published 18.08.2025 03:02:06
  • Last modified 18.08.2025 20:16:28

A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed t...

8.1

CVE-2024-5762

  • EPSS 6.92%
  • Published 21.08.2024 17:15:08
  • Last modified 23.08.2024 16:43:19

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerab...

6.1

CVE-2020-6578

Exploit
  • EPSS 0.24%
  • Published 19.03.2021 04:15:13
  • Last modified 21.11.2024 05:35:59

Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.

9

CVE-2021-3291

Exploit
  • EPSS 38.66%
  • Published 26.01.2021 18:16:29
  • Last modified 21.11.2024 06:21:13

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

10

CVE-2015-8352

Exploit
  • EPSS 38.49%
  • Published 24.08.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

8.8

CVE-2017-11675

  • EPSS 0.72%
  • Published 27.07.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array ind...

6.1

CVE-2017-10667

  • EPSS 0.22%
  • Published 29.06.2017 00:29:00
  • Last modified 20.04.2025 01:37:25

In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.

6.1

CVE-2017-8833

Exploit
  • EPSS 0.24%
  • Published 08.05.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."

5.8

CVE-2011-4403

Exploit
  • EPSS 0.39%
  • Published 24.04.2015 14:59:00
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disab...

4.3

CVE-2015-0882

  • EPSS 0.44%
  • Published 27.02.2015 02:59:35
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to...