ZenCart Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2021-3291 - Vulnerability Database
ZenCart Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2021-3291
High
Reference:
CVE-2021-3291
Title:
ZenCart Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Overview:
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.