CVE-2017-11675

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-11675
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11675.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-11675
Aliases
Published
2017-07-27T06:29:00Z
Modified
2024-05-14T05:51:46.677850Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index.

References

Affected packages

Git / github.com/zencart/zencart

Affected ranges

Type
GIT
Repo
https://github.com/zencart/zencart
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v1.*

v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5