Vulnerabilities > ZEN Cart
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-5762 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Zen-Cart ZEN Cart 1.5.8A Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. | 8.1 |
| 2021-03-19 | CVE-2020-6578 | Cross-site Scripting vulnerability in Zen-Cart ZEN Cart 1.5.6D Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. | 6.1 |
| 2021-01-26 | CVE-2021-3291 | OS Command Injection vulnerability in Zen-Cart ZEN Cart 1.5.7B Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. | 7.2 |
| 2017-08-24 | CVE-2015-8352 | Path Traversal vulnerability in Zen-Cart ZEN Cart 1.5.4 Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. | 9.8 |
| 2017-07-27 | CVE-2017-11675 | Code Injection vulnerability in Zen-Cart ZEN Cart 1.5.5E The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | 8.8 |
| 2017-06-29 | CVE-2017-10667 | Cross-site Scripting vulnerability in Zen-Cart ZEN Cart 1.6.0 In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | 6.1 |
| 2017-05-08 | CVE-2017-8833 | Cross-site Scripting vulnerability in Zen-Cart ZEN Cart 1.6.0 Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. | 6.1 |