11/27/15 Zen Cart Security Patch


    


1. Problem with /ajax.php in v1.5.4 only - Severity: High
In Zen Cart v1.5.4 the /ajax.php file has a vulnerability which can be used to cause a server exploit under very specific conditions.
Requires replacing the ajax.php file with a new one.

Below are some additional lower-severity patches affecting prior versions, which should be reviewed carefully for your site, to merge with existing customizations you may have made:

2. XSS problem for unsanitized comment field - Severity: Medium
In Zen Cart versions up to and including v1.5.4 an XSS problem exists with the order-comments field.
An XSS problem is one where someone can inject executable JavaScript code that causes problems later when that content is output back to the screen.
Requires patching /includes/modules/pages/checkout_confirmation/header_php.php.

3. Failed customer login puts password back in input box - Severity: Low
When attempting a login with an invalid password, the resulting response contains that invalid password.
Requires patching the /includes/functions/html_output.php file.
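
One way to confirm the fix for item 3 after patching is to inspect the HTML returned by a failed login and verify that the submitted password is not in it. The check below is an added example, not code from Zen Cart or from this patch; the sample responses and the field names in them are constructed for illustration.

```python
import html
from html.parser import HTMLParser


class InputCollector(HTMLParser):
    """Collect the attributes of every <input> element in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing <input ... /> via handle_startendtag.
        if tag == "input":
            self.inputs.append({k.lower(): v or "" for k, v in attrs})


def password_echo_findings(response_html, submitted_password):
    """Return (kind, field_name) tuples for each way the response echoes the password."""
    parser = InputCollector()
    parser.feed(response_html)
    parser.close()

    findings = []
    for attrs in parser.inputs:
        # Any password-type input that carries a value is being re-populated.
        if attrs.get("type", "").lower() == "password" and attrs.get("value"):
            findings.append(("prefilled-password-input", attrs.get("name", "")))

    # The password may also be reflected elsewhere, raw or HTML-escaped.
    if submitted_password:
        variants = {submitted_password, html.escape(submitted_password, quote=True)}
        if any(v in response_html for v in variants):
            findings.append(("password-in-body", ""))
    return findings


# Constructed sample responses (not captured from a real store).
SUBMITTED = 'Wrong"Pass1'
UNPATCHED = ('<form><input type="text" name="email_address" value="shopper@example.com">'
             '<input type="password" name="password" value="Wrong&quot;Pass1" /></form>')
PATCHED = ('<form><input type="text" name="email_address" value="shopper@example.com">'
           '<input type="password" name="password" /></form>')

if __name__ == "__main__":
    for label, body in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, password_echo_findings(body, SUBMITTED))
```

Run it against the response body of a deliberately failed login on your own store, using a throwaway password value; an empty result means the response no longer echoes the password.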
 

