CVE-2011-4403

Zen Cart 1.3.9h - CSRF

Title source: llm

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by DisK0nn3cT · html · webapps · php
https://www.exploit-db.com/exploits/36688

Scores

EPSS 0.0046
EPSS Percentile 63.9%

Details

CWE CWE-352
Status published
Products (1)
zen-cart/zen_cart 1.3.9h
Published Apr 24, 2015
Tracked Since Feb 18, 2026