MidnightBSD

Advisories for zen-cart

CVE-2005-3996 MEDIUM

SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
zen-cart zen_cart *
CVE-2006-0697 HIGH

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.2.4.1
zen-cart zen_cart 1.2.2d
zen-cart zen_cart 1.1.0
zen-cart zen_cart 1.2.1
zen-cart zen_cart 1.2.0d
zen-cart zen_cart 1.1.3
zen-cart zen_cart 1.2.5d
zen-cart zen_cart 1.2.1d
zen-cart zen_cart 1.2.4d
zen-cart zen_cart *
zen-cart zen_cart 1.2.3d
CVE-2011-4547 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.3.9h
CVE-2011-4567 MEDIUM

Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.2.4.1
zen-cart zen_cart 1.2.2d
zen-cart zen_cart 1.1.0
zen-cart zen_cart 1.3.6
zen-cart zen_cart 1.2.0d
zen-cart zen_cart 1.3.2
zen-cart zen_cart 1.3.5
zen-cart zen_cart 1.3.0.2
zen-cart zen_cart 1.2.1
zen-cart zen_cart 1.3.8
zen-cart zen_cart 1.2.6d
zen-cart zen_cart 1.3
zen-cart zen_cart 1.1.3
zen-cart zen_cart 1.2.5d
zen-cart zen_cart 1.3.8a
zen-cart zen_cart 1.2.1d
zen-cart zen_cart 1.2.4d
zen-cart zen_cart *
zen-cart zen_cart 1.3.7
zen-cart zen_cart 1.2.3d
CVE-2012-1413 LOW

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.2.0d
zen-cart zen_cart 1.3.2
zen-cart zen_cart 1.2.1
zen-cart zen_cart 1.2.6d
zen-cart zen_cart 1.3
zen-cart zen_cart 1.1.3
zen-cart zen_cart 1.2.5d
zen-cart zen_cart 1.3.8a
zen-cart zen_cart 1.2.4d
zen-cart zen_cart 1.2.3d
zen-cart zen_cart 1.2.4.1
zen-cart zen_cart 1.2.2d
zen-cart zen_cart 1.1.0
zen-cart zen_cart 1.3.6
zen-cart zen_cart 1.3.5
zen-cart zen_cart 1.2.1_patch1
zen-cart zen_cart 2008
zen-cart zen_cart 1.3.0.2
zen-cart zen_cart 1.3.8
zen-cart zen_cart 1.3.9h
zen-cart zen_cart 1.2.1d
zen-cart zen_cart *
zen-cart zen_cart 1.3.7
zen-cart zen_cart 1.3.9
CVE-2012-5805 MEDIUM

The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
zen-cart zen_cart -
paypal instant_payment_notification -
CVE-2012-5806 MEDIUM

The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
zen-cart zen_cart -
paypal payments_pro -
CVE-2012-5807 MEDIUM

The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
zen-cart zen_cart -
lincolnloop authorize.net_echeck_module -
CVE-2012-5808 MEDIUM

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
firstdata linkpoint -
zen-cart zen_cart -
CVE-2015-0882 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.3.0.2
zen-cart zen_cart 1.5.0
zen-cart zen_cart 1.5.1
zen-cart zen_cart 1.3.0.0
zen-cart zen_cart 1.3.0.1
CVE-2015-8352 HIGH

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.5.4
CVE-2017-10667 MEDIUM

In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.6.0
CVE-2017-11675 MEDIUM

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.5.5e
CVE-2017-8833 MEDIUM

Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.6.0
CVE-2020-6578 MEDIUM

Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.5.6d
CVE-2021-3291 HIGH

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
zen-cart zen_cart 1.5.7b