11/27/15 Zen Cart Security Patch


1. Problem with /ajax.php in v1.5.4 only - Severity: High
In Zen Cart v1.5.4 the /ajax.php file has a vulnerability which can be used to cause a server exploit under very specific conditions.
Requires replacing the ajax.php file with the new one.

Below are some additional lower-severity patches affecting prior versions. Review them carefully for your site so that you can merge them with any existing customizations you may have made:

2. XSS problem for unsanitized comment field - Severity: Medium
In Zen Cart versions up to and including v1.5.4 an XSS problem exists with the order-comments field.
An XSS problem is where someone can drop in executable JavaScript code that can cause problems later when that content is output back to the screen.
Requires patching /includes/modules/pages/checkout_confirmation/header_php.php.

3. Failed customer login puts password back in input box - Severity: Low
When attempting a login with an invalid password, the resulting response contains that invalid password.
Requires patching the /includes/functions/html_output.php file.
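
The kind of fix items 2 and 3 call for, sketched as an added example; this is not Zen Cart's code and not the contents of this patch. The helper names render_order_comment and draw_input and the sample request are hypothetical.

```php
<?php
// Added illustration: hypothetical helpers, not Zen Cart functions or patch code.

// Item 2: encode a stored order comment at the moment it is written into HTML.
function render_order_comment(string $comment): string
{
    // ENT_QUOTES encodes both quote styles, so the result is also safe in attributes.
    $safe = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // nl2br runs after encoding, so the only markup in the output is the <br /> it adds.
    return '<div class="order-comments">' . nl2br($safe) . '</div>';
}

// Item 3: build an <input>, repopulating it from the request except for passwords.
function draw_input(string $name, array $request, string $type = 'text'): string
{
    $attrs = ['type' => $type, 'name' => $name];

    // A failed login must not send the attempted password back in the response.
    $isPassword = strtolower($type) === 'password';
    if (!$isPassword && isset($request[$name]) && is_string($request[$name])) {
        $attrs['value'] = $request[$name];
    }

    $html = '<input';
    foreach ($attrs as $key => $value) {
        $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= ' ' . $key . '="' . $encoded . '"';
    }
    return $html . ' />';
}

// Constructed sample input standing in for a submitted form.
$request = [
    'email_address' => 'shopper@example.com',
    'password'      => 'wrong-guess',
    'comments'      => "Leave at the door\n<script>alert(1)</script>",
];

echo render_order_comment($request['comments']), "\n";  // markup shown as text
echo draw_input('email_address', $request), "\n";       // value repopulated, encoded
echo draw_input('password', $request, 'password'), "\n"; // no value attribute emitted
```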


Copyright © 2004 - 2018 ZenCart Ecommerce Website Design