Vulnerabilities > ZEN Cart > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-5762 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Zen-Cart ZEN Cart 1.5.8A
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability.
network
high complexity
zen-cart CWE-829
8.1
8.1
2021-01-26 CVE-2021-3291 OS Command Injection vulnerability in Zen-Cart ZEN Cart 1.5.7B
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
network
low complexity
zen-cart CWE-78
7.2
7.2
2017-07-27 CVE-2017-11675 Code Injection vulnerability in Zen-Cart ZEN Cart 1.5.5E
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index.
network
low complexity
zen-cart CWE-94
8.8
8.8