Description

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.

Remediation

References

CVE-2009-2255

Related Vulnerabilities

MySQL CVE-2016-0654 Vulnerability (CVE-2016-0654)

e107 Other Vulnerability (CVE-2004-2042)

WordPress Plugin WordPress Filter Gallery Cross-Site Scripting (0.1.5)

Moodle Improper Authentication Vulnerability (CVE-2011-4590)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-43400)

Severity

Medium

Classification

CVE-2009-2255 CWE-287

Tags

Missing Update Known Vulnerabilities