Zen Cart ecommerce

Zen Cart is open source shopping cart software. The e-commerce web site design program is developed by a group of like-minded shop owners, programmers, designers, and consultants who think e-commerce web design could be, and should be, done differently.

Zen Cart gives web designers a robust and customizable electronic storefront that is easy to keep up to date with new features. It provides usable, intuitive and unobtrusive purchase flows right out of the box, based on proven industry best practices - no major revisions are required to get things right for your clients!

Zen Cart Screenshots

On this page you can see various screenshots of Zen Cart, an open source online shop (e-commerce) application.

Try Zen Cart below!

Zen Cart online demo
(Username: admin
Password: demo)

Zen Cart Security Vulnerabilities

  • Thu, 23 February 2012, 4.50


  • Sun, 12 February 2012, 1.22
    Zen Cart Product Deletion CSRF
    Zen Cart contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the disabling or deletion of products. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
    Solution: SOLUTION UNKNOWN!
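The entry above describes the root cause as a sensitive action that runs on a single request with no confirmation step and no per-session secret. The following is an added example, not code from Zen Cart or from the advisory, showing the two checks that close that gap in a PHP admin script: a GET only renders a confirmation form, and the destructive action runs only for a POST carrying a token that another site cannot know. The script name product_delete.php, the products_id field and the delete_product() function are assumptions for illustration.

```php
<?php
// Added example, not Zen Cart's own code: guarding a sensitive admin action
// (here a product deletion) against cross-site request forgery. The script
// name product_delete.php, the products_id field and delete_product() are
// assumptions for illustration.

session_start();

// One random secret per session, kept server-side and never derivable by
// another site.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST that carries the session's token. A forged GET from an
// <img> tag or link fails the method check; a forged POST fails the token check.
function csrf_request_is_valid(): bool
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false;
    }
    $sent = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time; an unset token never matches.
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Explicit confirmation page: the token is a hidden field, so the browser only
// sends it from a form this application rendered.
function render_delete_form(int $productId): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="product_delete.php">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input type="hidden" name="products_id" value="' . $productId . '">'
         . '<p>Delete product ' . $productId . '?</p>'
         . '<button type="submit">Confirm deletion</button>'
         . '</form>';
}

function delete_product(int $productId): void
{
    // Placeholder for the real database delete; the point of the example is
    // that this line is only reachable after csrf_request_is_valid().
    error_log("product $productId deleted");
}

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // Step 1: show the confirmation form instead of acting on the GET.
    echo render_delete_form((int) ($_GET['products_id'] ?? 0));
} elseif (csrf_request_is_valid()) {
    // Step 2: act only on a confirmed, token-bearing POST.
    delete_product((int) ($_POST['products_id'] ?? 0));
    echo 'Product deleted.';
} else {
    http_response_code(403);
    echo 'Request rejected: missing or invalid CSRF token.';
}
```

The method check alone is not enough, since a hostile page can auto-submit a POST form; the token is what ties the request to a form the application itself rendered for this session.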

  • Sun, 27 November 2011, 2.30
    Zen Cart /template_default/templates/tpl_gv_send_default.php message Parameter XSS
    Zen Cart contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'message' parameter upon submission to the /template_default/templates/tpl_gv_send_default.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: SOLUTION UNKNOWN!

  • Sun, 27 November 2011, 2.30
    Zen Cart /template_default/common/tpl_header_test_info.php Multiple Parameter XSS
    Zen Cart contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'main_page' and 'PHP_SELF' parameters upon submission to the /template_default/common/tpl_header_test_info.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: SOLUTION UNKNOWN!

  • Fri, 05 November 2010, 3.44
    Zen Cart includes/initsystem.php loader_file Parameter Traversal Arbitrary File Access
    Zen Cart contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'includes/initsystem.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'loader_file' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
    Solution: SOLUTION UNKNOWN!
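The entry above attributes the flaw to a file name taken from the 'loader_file' parameter being used without traversal checks. The following is an added example, not code from Zen Cart, of how such a parameter can be resolved safely in PHP: a syntactic allowlist on the name, then a realpath() comparison that confirms the resolved file still lies inside the intended directory. The directory includes/loaders and the helper name resolve_loader_file() are assumptions for illustration.

```php
<?php
// Added example, not Zen Cart's own code: resolving a user-controlled file name
// such as 'loader_file' without letting "../" escape the intended directory.
// LOADER_DIR and resolve_loader_file() are assumptions for illustration.

const LOADER_DIR = __DIR__ . '/includes/loaders';

// Return the absolute path of a loader file, or null if the request is not
// a plain file name that resolves inside LOADER_DIR.
function resolve_loader_file(string $requested): ?string
{
    // 1. Syntactic check: a bare name only; no separators, no "..", no NUL.
    if (!preg_match('/^[A-Za-z0-9_-]+\.php$/', $requested)) {
        return null;
    }
    // 2. Semantic check: resolve symlinks and ".." on both sides and confirm
    //    the result is still under the loader directory. realpath() returns
    //    false for a file that does not exist.
    $base = realpath(LOADER_DIR);
    $path = realpath(LOADER_DIR . '/' . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$requested = $_GET['loader_file'] ?? '';
$loader = resolve_loader_file(is_string($requested) ? $requested : '');
if ($loader === null) {
    http_response_code(400);
    exit('Invalid loader file.');
}
require $loader;
```

The two layers are deliberate: the regular expression rejects traversal sequences and absolute paths before any filesystem call, and the realpath() comparison catches anything the pattern did not anticipate, such as a symlink inside the directory pointing elsewhere.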

  • Fri, 01 October 2010, 19.27
    Zen Cart option_name_manager.php option_order_by Parameter SQL Injection
    Zen Cart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'option_name_manager.php' script not properly sanitizing user-supplied input to the 'option_order_by' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
    Solution: Upgrade to version 1.3.9.g or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
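The entry above concerns a sort-order parameter that ends up in an ORDER BY clause. That case is worth a worked example because a column name cannot be bound as a prepared-statement parameter, so escaping alone does not help. The following is an added example, not code from Zen Cart, showing the standard answer in PHP with PDO: the request value is mapped through an allowlist of permitted columns and directions, and every other value goes through a placeholder. The table and column names and the list_option_names() function are assumptions for illustration.

```php
<?php
// Added example, not Zen Cart's own code: building an ORDER BY clause from a
// user-supplied 'option_order_by' parameter. Column names cannot be bound as
// prepared-statement parameters, so the value is mapped through an allowlist;
// everything else goes through PDO placeholders. Table and column names are
// assumptions for illustration.

// Map of permitted request values to the exact SQL they may produce.
const ORDER_BY_COLUMNS = [
    'name' => 'products_options_name',
    'id'   => 'products_options_id',
    'sort' => 'products_options_sort_order',
];

// Return a safe ORDER BY fragment, falling back to the default for anything
// not in the allowlist. The request value itself is never concatenated into SQL.
function order_by_clause(string $requested, string $requestedDir = 'asc'): string
{
    $column = ORDER_BY_COLUMNS[$requested] ?? ORDER_BY_COLUMNS['id'];
    $dir = strtolower($requestedDir) === 'desc' ? 'DESC' : 'ASC';
    return "ORDER BY $column $dir";
}

// The filter value is bound as a parameter; only allowlisted text reaches the
// ORDER BY.
function list_option_names(PDO $db, int $languageId, string $orderBy, string $dir): array
{
    $sql = 'SELECT products_options_id, products_options_name '
         . 'FROM products_options WHERE language_id = :lang '
         . order_by_clause($orderBy, $dir);
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':lang', $languageId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage for a request such as ?option_order_by=name&dir=desc
$db = new PDO('mysql:host=localhost;dbname=zencart', 'user', 'pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);
$orderBy = $_GET['option_order_by'] ?? '';
$dir     = $_GET['dir'] ?? '';
$rows = list_option_names(
    $db,
    1,
    is_string($orderBy) ? $orderBy : '',
    is_string($dir) ? $dir : ''
);
```

Disabling emulated prepares makes the placeholders real server-side parameters rather than client-side string substitution, which is the behaviour you want when the point is to keep data and SQL text separate.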

  • Fri, 01 October 2010, 19.27
    Zen Cart Admin Panel Multiple XSS
    Zen Cart contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate unspecified parameters upon submission to the admin panel. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: Upgrade to version 1.3.9.g or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
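The three cross-site scripting entries on this page (the 'message' parameter in tpl_gv_send_default.php, the 'main_page' and 'PHP_SELF' values in tpl_header_test_info.php, and the unspecified admin panel parameters) share one root cause: a request-derived value is written into the page without being encoded for HTML. The following is an added example, not code from Zen Cart or from the advisories, showing a template fragment in its vulnerable form beside the hardened form. The rendering helper names and the CSS class are assumptions for illustration.

```php
<?php
// Added example, not Zen Cart's own code: a template that echoes request-derived
// values such as 'message' or PHP_SELF. Helper names and the CSS class are
// assumptions for illustration.

// Encode for an HTML text node or a double-quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable form: the request value lands in the page verbatim, so a crafted
// URL can inject markup that the visitor's browser parses and executes.
function render_message_unsafe(string $message): string
{
    return '<p class="gv-message">' . $message . '</p>';
}

// Hardened form: the same value passes through h(); '<', '>', '&' and quotes
// become entities and are displayed as text, never parsed as markup.
function render_message(string $message): string
{
    return '<p class="gv-message">' . h($message) . '</p>';
}

// The form action built from PHP_SELF is encoded for the same reason: the
// client can append extra path segments to the request URL, and they come
// back in $_SERVER['PHP_SELF'].
function render_form_open(): string
{
    return '<form method="post" action="' . h($_SERVER['PHP_SELF']) . '">';
}

$message = $_POST['message'] ?? $_GET['message'] ?? '';

echo render_form_open();
echo render_message(is_string($message) ? $message : '');
echo '<input type="text" name="message" value="' . h(is_string($message) ? $message : '') . '">';
echo '</form>';
```

Encoding at output time, in the template, is what makes this robust: it does not matter which parameter the value came from or whether it was "validated" earlier, because every dynamic value is encoded for the context it is written into. A value placed inside a script block or a URL needs a different encoder than h(), so keep request-derived data out of those contexts where you can.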