GHSA-38f9-4vhq-9cr8

Source
https://github.com/advisories/GHSA-38f9-4vhq-9cr8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-38f9-4vhq-9cr8/GHSA-38f9-4vhq-9cr8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-38f9-4vhq-9cr8
Aliases
Published
2022-05-24T17:40:23Z
Modified
2024-02-16T08:15:07.600968Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Zen Cart vulnerable to authenticated remote code execution
Details

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

Database specific
{
    "nvd_published_at": "2021-01-26T18:16:00Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T13:56:21Z"
}
References

Affected packages

Packagist / zencart/zencart

Package

Name
zencart/zencart
Purl
pkg:composer/zencart/zencart

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.5.7c

Affected versions

v1.*

v1.5.6a
v1.5.6b
v1.5.6b-2019-05-27
v1.5.6

Database specific

{
    "last_known_affected_version_range": "<= 1.5.7b"
}