← Back

Zen Cart

zen_cart

42 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Zen Cart
zen_cart
41 CVEs
Web Shopping Cart
web_shopping_cart
1 CVE

CVEs (42)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2004-2024
1Zen Cart
1Zen Cart
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
CVE-2004-2023
1Zen Cart
1Zen Cart
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.