ZenCart

Zen Cart truly is the art of e-commerce: free, user-friendly, open source shopping cart software. The ecommerce web site design program is being developed by a group of like-minded shop owners, programmers, designers, and consultants who think ecommerce web design could be, and should be, done differently.

Severity Summary:

Critical: 2, High: 5, Medium: 11, Low: 1

| Reference | Title | Severity |
|---|---|---|
| | ZenCart Permissions Privileges and Access Controls Vulnerability | Critical |
| | ZenCart Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability | Critical |
| | ZenCart Improper Control of Generation of Code (Code Injection) Vulnerability | High |
| | ZenCart Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability | High |
| | ZenCart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability | High |
| | ZenCart Other Vulnerability | High |
| | ZenCart Inclusion of Functionality from Untrusted Control Sphere Vulnerability | High |
| | ZenCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
| | ZenCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
| | ZenCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
| | ZenCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability | Medium |
| | ZenCart Improper Input Validation Vulnerability | Medium |
| | ZenCart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability | Medium |
| | ZenCart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability | Medium |
| | ZenCart Improper Authentication Vulnerability | Medium |
| | ZenCart Cross-Site Request Forgery (CSRF) Vulnerability | Medium |
| | ZenCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
| | ZenCart Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability | Medium |
| | ZenCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Low |