Summary
Zen Cart is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and HTML- injection issues.
Exploiting these issues can allow attacker-supplied HTML and script code to run in the context of the affected browser, allowing attackers to steal cookie-based authentication credentials, view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
Zen Cart v1.3.9f is vulnerable
other versions may also be affected.
Solution
Updates are available. Please see the reference for more details.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache Rave User Information Disclosure Vulnerability
- Apache ActiveMQ Source Code Information Disclosure Vulnerability