Description

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

Remediation

References

CVE-2021-3291

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Mailchimp Security Bypass (2.1.3)

WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (2.0.3)

MySQL CVE-2013-1526 Vulnerability (CVE-2013-1526)

WordPress Plugin WP Yelp Review Slider SQL Injection (7.0)

WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71)

Severity

High

Classification

CVE-2021-3291 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities