SECUNIA ADVISORY ID: SA35550
VERIFY ADVISORY: http://secunia.com/advisories/35550/
CRITICAL: Moderately Critical
DESCRIPTION: A vulnerability has been discovered in Zen Cart, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is confirmed in version 1.3.8a (full fileset 12112007). Other versions may also be affected.
The vulnerability is caused due to the application not properly restricting access to the administration panel. This can be exploited to access certain administrative functions, which can used to e.g. conduct SQL injection attacks and upload and execute arbitrary PHP code.
Note: Successful exploitation requires that the "admin" folder was not correctly renamed during the installation process.
SOLUTION: Apply patch: http://www.zen-cart.com/forum/attachment.php?attachmentid=5943&d=1245789282
PROVIDED AND/OR DISCOVERED BY: BlackH
http://milw0rm.com/exploits/9004
http://milw0rm.com/exploits/9005
ORIGINAL ADVISORY: Zen Cart: http://www.zen-cart.com/forum/showthread.php?t=130161
Zen Cart Administration Security Bypass VulnerabilityPosted on Wednesday, June 24, 2009 @ 20:20:50 CDT in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
