First published: Thu Aug 24 2017(Updated: )
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zen Cart | =1.5.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-8352 has a medium severity rating due to its potential to allow unauthorized file inclusion.
To fix CVE-2015-8352, you should update Zen Cart to a version that addresses this vulnerability.
CVE-2015-8352 affects users running Zen Cart version 1.5.4.
CVE-2015-8352 exploits a directory traversal vulnerability allowing attackers to include arbitrary local files through manipulated parameters.
If you are affected by CVE-2015-8352, immediately apply the security patch or upgrade Zen Cart to mitigate the risks.