Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zen Cart record_company.php模块远程代码执行漏洞
Vulnerability Description
Zen Cart是Zen Cart团队开发的一套开源的购物车系统。该系统主要用于建立网上商店,可支持多种付款方式、多语言选择、网上商城批量更新等。 Zen Cart没有对admin/record_company.php模块强制管理认证,远程攻击者可以通过record_company_image和PATH_INFO参数上传.php文件,并通过直接请求images/中的文件来访问上传的文件,导致执行任意指令。
CVSS Information
N/A
Vulnerability Type
N/A