Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
ZenCart Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2021-3291 - Vulnerability Database
ZenCart

ZenCart Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2021-3291

High
Reference: CVE-2021-3291
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-3291
Title: ZenCart Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Overview:

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.