CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-8352

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.385

EPSS Ranking 97.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://www.securityfocus.com/archive/1/537129/100/0/threaded
https://www.exploit-db.com/exploits/39017/
https://www.htbridge.com/advisory/HTB23282
https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015
http://www.securityfocus.com/archive/1/537129/100/0/threaded
https://www.exploit-db.com/exploits/39017/
https://www.htbridge.com/advisory/HTB23282
https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015

Products affected by CVE-2015-8352

Zen-Cart » Zen Cart » Version: 1.5.4

cpe:2.3:a:zen-cart:zen_cart:1.5.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8352

Products

Pricing

Contact Us