GHSA-c9r9-3h38-r7vj

Source

https://github.com/advisories/GHSA-c9r9-3h38-r7vj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c9r9-3h38-r7vj/GHSA-c9r9-3h38-r7vj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c9r9-3h38-r7vj

Aliases

CVE-2017-11675

Published

2022-05-17T02:20:07Z

Modified

2024-02-16T08:11:29.859890Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Authenticated RCE in Zen Cart 1.5.5e

Details

The traverseStrictSanitize function in admindir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the adminname array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index.

Database specific

{
    "nvd_published_at": "2017-07-27T06:29:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-07T00:08:36Z"
}

References

Affected packages

Packagist / zencart/zencart

Package

Name: zencart/zencart
Purl: pkg:composer/zencart/zencart

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

v1.*

v1.5.6a

v1.5.6b

v1.5.6b-2019-05-27

v1.5.6

v1.5.7a

v1.5.7b

v1.5.7

v1.5.8a

v1.5.8-alpha2

v1.5.8

v2.*

v2.0.0-alpha1

Database specific

{
    "last_known_affected_version_range": "< 1.5.5e"
}