CVE-2009-2255

NONECVSS 0.0

0.0

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.

🔗 References (14)

cve@mitrehttp://secunia.com/advisories/35550
cve@mitrehttp://www.exploit-db.com/exploits/9004
cve@mitrehttp://www.osvdb.org/55344
cve@mitrehttp://www.securityfocus.com/bid/35467
cve@mitrehttp://www.zen-cart.com/forum/attachment.php?attachmentid=5965
cve@mitrehttp://www.zen-cart.com/forum/showthread.php?t=130161
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/51316
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35550
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/9004
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/55344
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/35467
af854a3a-2127-422b-91ae-364da2661108http://www.zen-cart.com/forum/attachment.php?attachmentid=5965
af854a3a-2127-422b-91ae-364da2661108http://www.zen-cart.com/forum/showthread.php?t=130161
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/51316

Is Your Infrastructure Affected by CVE-2009-2255?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-2255

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-2255?