SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | * |
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.2.4.1 |
| zen-cart | zen_cart | 1.2.2d |
| zen-cart | zen_cart | 1.1.0 |
| zen-cart | zen_cart | 1.2.1 |
| zen-cart | zen_cart | 1.2.0d |
| zen-cart | zen_cart | 1.1.3 |
| zen-cart | zen_cart | 1.2.5d |
| zen-cart | zen_cart | 1.2.1d |
| zen-cart | zen_cart | 1.2.4d |
| zen-cart | zen_cart | * |
| zen-cart | zen_cart | 1.2.3d |
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.3.9h |
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.2.4.1 |
| zen-cart | zen_cart | 1.2.2d |
| zen-cart | zen_cart | 1.1.0 |
| zen-cart | zen_cart | 1.3.6 |
| zen-cart | zen_cart | 1.2.0d |
| zen-cart | zen_cart | 1.3.2 |
| zen-cart | zen_cart | 1.3.5 |
| zen-cart | zen_cart | 1.3.0.2 |
| zen-cart | zen_cart | 1.2.1 |
| zen-cart | zen_cart | 1.3.8 |
| zen-cart | zen_cart | 1.2.6d |
| zen-cart | zen_cart | 1.3 |
| zen-cart | zen_cart | 1.1.3 |
| zen-cart | zen_cart | 1.2.5d |
| zen-cart | zen_cart | 1.3.8a |
| zen-cart | zen_cart | 1.2.1d |
| zen-cart | zen_cart | 1.2.4d |
| zen-cart | zen_cart | * |
| zen-cart | zen_cart | 1.3.7 |
| zen-cart | zen_cart | 1.2.3d |
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.2.0d |
| zen-cart | zen_cart | 1.3.2 |
| zen-cart | zen_cart | 1.2.1 |
| zen-cart | zen_cart | 1.2.6d |
| zen-cart | zen_cart | 1.3 |
| zen-cart | zen_cart | 1.1.3 |
| zen-cart | zen_cart | 1.2.5d |
| zen-cart | zen_cart | 1.3.8a |
| zen-cart | zen_cart | 1.2.4d |
| zen-cart | zen_cart | 1.2.3d |
| zen-cart | zen_cart | 1.2.4.1 |
| zen-cart | zen_cart | 1.2.2d |
| zen-cart | zen_cart | 1.1.0 |
| zen-cart | zen_cart | 1.3.6 |
| zen-cart | zen_cart | 1.3.5 |
| zen-cart | zen_cart | 1.2.1_patch1 |
| zen-cart | zen_cart | 2008 |
| zen-cart | zen_cart | 1.3.0.2 |
| zen-cart | zen_cart | 1.3.8 |
| zen-cart | zen_cart | 1.3.9h |
| zen-cart | zen_cart | 1.2.1d |
| zen-cart | zen_cart | * |
| zen-cart | zen_cart | 1.3.7 |
| zen-cart | zen_cart | 1.3.9 |
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | - |
| paypal | instant_payment_notification | - |
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | - |
| paypal | payments_pro | - |
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | - |
| lincolnloop | authorize.net_echeck_module | - |
The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| firstdata | linkpoint | - |
| zen-cart | zen_cart | - |
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.3.0.2 |
| zen-cart | zen_cart | 1.5.0 |
| zen-cart | zen_cart | 1.5.1 |
| zen-cart | zen_cart | 1.3.0.0 |
| zen-cart | zen_cart | 1.3.0.1 |
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.5.4 |
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.6.0 |
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.5.5e |
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.6.0 |
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.5.6d |
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zen-cart | zen_cart | 1.5.7b |