CVE-2006-4215
Zen Cart < 1.3.0.2 - Code Injection
Title source: ruleDescription
PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/28392
References (6)
Scores
EPSS
0.0420
EPSS Percentile
88.5%
Classification
CWE
CWE-94
Status
draft
Affected Products (1)
zen_cart/zen_cart
< 1.3.0.2
Timeline
Published
Aug 17, 2006
Tracked Since
Feb 18, 2026