all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-24-883: Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability

Add to bookmarks
June 26, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2024-5762.

arbitrary code attackers authentication code code execution cve cve-2024 cves cvss exploit file inclusion local rating remote code remote code execution vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-883: Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability 5 days, 5 hours ago | www.zerodayinitiative.com
arbitrary code attackers authentication code +14
ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability 6 days, 5 hours ago | www.zerodayinitiative.com
attackers authentication cve cve-2024 +16
ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
arbitrary code attackers authentication buffer +25
ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
arbitrary code attackers authentication cam +21
ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
arbitrary code attackers authentication cam +23
ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
arbitrary code attackers authentication buffer +24
ZDI-24-836: (Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
arbitrary code attackers authentication cameras +16
ZDI-24-835: (Pwn2Own) Synology BC500 Protection Mechanism Failure Software Downgrade Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
attackers authentication cameras cvss +11
ZDI-24-834: (Pwn2Own) Synology BC500 Improper Compartmentalization Local Privilege Escalation Vulnerability 1 week, 3 days ago | www.zerodayinitiative.com
attacker attackers cameras code +18

Jobs in InfoSec / Cybersecurity

Find Talent

Senior Streaming Platform Engineer

@ Armis Security | Tel Aviv-Yafo, Tel Aviv District, Israel
View on infosec-jobs.com

Senior Streaming Platform Engineer

@ Armis Security | Tel Aviv-Yafo, Tel Aviv District, Israel
View on infosec-jobs.com

Deputy Chief Information Officer of Operations (Senior Public Service Administrator, Opt. 3)

@ State of Illinois | Springfield, IL, US, 62701-1222
View on infosec-jobs.com

Deputy Chief Information Officer of Operations (Senior Public Service Administrator, Opt. 3)

@ State of Illinois | Springfield, IL, US, 62701-1222
View on infosec-jobs.com

Analyst, Security

@ DailyPay | New York City
View on infosec-jobs.com

Analyst, Security

@ DailyPay | New York City
View on infosec-jobs.com