strangetruenews

Critical vulnerabilities in Zen Cart patched

Switzerland-based security firm High-Tech Bridge reported a critical security issue in Zen Cart, a popular open source shopping cart software used by a large number of websites. The issue was exploited on November 25, and it was patched within 24 hours by Zen Cart.

The vulnerability was a PHP file inclusion flaw affecting the /ajax.php file. By exploiting it, a remote attacker could execute arbitrary PHP code and gain unlimited access to the files and database of the application. According to High-Tech Bridge CEO Kolochenko, the vulnerability was very easy to exploit, and exploitation was possible even on hardened web servers.

Only the recent version, Zen Cart 1.5.4, had the security flaw, as previous versions didn't have the vulnerable script, so it could be fixed just by replacing the /ajax.php file with the patched version.

Zen Cart also released patches for medium and low severity vulnerabilities. One medium severity patch addressed a cross-site scripting (XSS) issue in "order-comments"; the security hole was reported by Trustwave and affected Zen Cart 1.5.4 and earlier versions. There was one patch released for a low severity issue as well: an incorrect password was being stored in an input field, which was causing invalid login attempts.

Trustwave exposed other XSS vulnerabilities whose patches have not been released yet. These have been classified as low severity, as they could not be exploited without admin logins and could not be used by a third party to cause harm.
