Description

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

Remediation

References

CVE-2021-3291

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4408)

WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.3.20)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21370)

PHP Resource Management Errors Vulnerability (CVE-2012-0830)

RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2018-1000074)

Severity

High

Classification

CVE-2021-3291 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities