Zen Cart Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

Zen Cart is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and HTML- injection issues. Exploiting these issues can allow attacker-supplied HTML and script code to run in the context of the affected browser, allowing attackers to steal cookie-based authentication credentials, view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Zen Cart v1.3.9f is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the reference for more details.

References

http://www.zen-cart.com/
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4966.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4967.php
https://www.securityfocus.com/bid/43628

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Tomcat Login Constraints Security Bypass Vulnerability
Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities

Take action and discover your vulnerabilities