PT-2024-37129 · Zen Cart · Zen Cart
Published: 2024-06-26 · Updated: 2024-08-25 · CVE-2024-5762
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Zen Cart (affected versions not specified)
Description:
This issue allows remote attackers to execute arbitrary code on affected installations of Zen Cart. The specific flaw exists within the findPluginAdminPage function, resulting from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Zen Cart