CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-5762

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the findPluginAdminPage function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-21408.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.086

EPSS Ranking 92.0%

CVSS Severity

CVSS v3 Score 8.1

References

https://docs.zen-cart.com/release/whatsnew_2.0.0
https://www.zerodayinitiative.com/advisories/ZDI-24-883/

Products affected by CVE-2024-5762

Zen-Cart » Zen Cart » Version: 1.5.8a

cpe:2.3:a:zen-cart:zen_cart:1.5.8a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-5762

Products

Pricing

Contact Us