Description

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

Remediation

References

CVE-2015-8352

Related Vulnerabilities

WordPress Plugin Constant Contact Forms Cross-Site Scripting (1.8.7)

Nginx CVE-2010-4180 Vulnerability (CVE-2010-4180)

WordPress Plugin Video Lead Form 'errMsg' Parameter Cross-Site Scripting (0.5)

WebLogic Improper Input Validation Vulnerability (CVE-2021-45105)

WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.2.0)

Severity

Critical

Classification

CVE-2015-8352 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities