CVE Tools

zen cart

Web & CMS Pluginsoss-project

10

Cumulative CVEs

4

Monthly snapshots

#48

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting zen cart.

CVE-2024-5762Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability8.1Aug 21, 2024
CVE-2008-6878Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arb...6.8Jul 27, 2009
CVE-2008-6877Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local file...6.8Jul 27, 2009
CVE-2007-3597Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.8.5Jul 6, 2007
CVE-2006-6868Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.6.8Jan 4, 2007
CVE-2006-5119Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/l...4.0Oct 2, 2006
CVE-2006-4218Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter p...7.5Aug 17, 2006
CVE-2006-4215PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLo...5.1Aug 17, 2006
CVE-2006-4214Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_h...7.5Aug 17, 2006
CVE-2006-3757index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which rev...5.0Jul 21, 2006
CVE-2006-0698Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.10.0Feb 15, 2006
CVE-2006-0696SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.7.5Feb 15, 2006
CVE-2005-3997Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) gr...2.6Dec 5, 2005
CVE-2004-2025SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.7.5May 10, 2005
CVE-2004-2024The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via passwor...7.5May 10, 2005