Vulnerabilities > ZEN Cart > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-01-26 CVE-2021-3291 OS Command Injection vulnerability in Zen-Cart ZEN Cart 1.5.7B
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
network
low complexity
zen-cart CWE-78
critical
 9.0
9.0
2017-08-24 CVE-2015-8352 Path Traversal vulnerability in Zen-Cart ZEN Cart 1.5.4
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
zen-cart CWE-22
critical
 10.0
10
2006-02-15 CVE-2006-0698 SQL-Injection vulnerability in Zen Cart
Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.
network
low complexity
zen-cart
critical
 10.0
10
2006-02-15 CVE-2006-0697 Permissions, Privileges, and Access Controls vulnerability in Zen-Cart ZEN Cart
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
network
low complexity
zen-cart CWE-264
critical
 10.0
10