Skip to main content

Zen Cart

12 CVEs product

Monthly

CVE-2024-5762 HIGH This Week

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI RCE PHP Zen Cart
NVD
CVSS 3.1
8.1
EPSS
71.6%
CVE-2021-3291 PHP HIGH POC PATCH THREAT This Week

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zen Cart
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
16.8%
CVE-2015-8352 CRITICAL POC PATCH THREAT Act Now

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.5%.

Path Traversal PHP Zen Cart
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.5%
Threat
4.6
CVE-2017-11675 PHP HIGH This Week

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Zen Cart
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-10667 MEDIUM This Month

In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Zen Cart
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-8833 MEDIUM POC This Month

Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zen Cart
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-0882 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Zen Cart
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-5808 MEDIUM POC This Month

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Linkpoint Zen Cart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5807 MEDIUM POC This Month

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Authorize Net Echeck Module Zen Cart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5806 MEDIUM POC This Month

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Payments Pro Zen Cart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-5805 MEDIUM POC This Month

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Instant Payment Notification Zen Cart
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-1413 LOW Monitor

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Zen Cart
NVD
CVSS 2.0
2.6
EPSS
0.2%
EPSS 72% CVSS 8.1
HIGH This Week

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI RCE PHP +1
NVD
EPSS 17% CVSS 7.2
HIGH POC PATCH THREAT This Week

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zen Cart
NVD GitHub Exploit-DB
EPSS 38% 4.6 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.5%.

Path Traversal PHP Zen Cart
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Zen Cart
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zen Cart
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Zen Cart
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM POC This Month

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Linkpoint Zen Cart
NVD
EPSS 0% CVSS 5.8
MEDIUM POC This Month

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Authorize Net Echeck Module Zen Cart
NVD
EPSS 0% CVSS 5.8
MEDIUM POC This Month

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Payments Pro +1
NVD
EPSS 0% CVSS 5.8
MEDIUM POC This Month

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Instant Payment Notification Zen Cart
NVD
EPSS 0% CVSS 2.6
LOW Monitor

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Zen Cart
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy