EIP-2026-114597

PRE-CVE

Zen Cart 1.3.9h - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114597. PoCs published by Dr. Alberto Fontanella.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in Zen Cart, including full path disclosure, reflected and stored XSS, and arbitrary file upload. It provides specific exploit paths and conditions but does not include functional exploit code.

Description

Zen Cart 1.3.9h - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Dr. Alberto Fontanella · textwebappsphp

https://www.exploit-db.com/exploits/17308

View Code ZIP pw:eip

This is a technical writeup detailing multiple vulnerabilities in Zen Cart, including full path disclosure, reflected and stored XSS, and arbitrary file upload. It provides specific exploit paths and conditions but does not include functional exploit code.

Classification

Writeup 95%

Attack Type

Xss | Info Leak | Other

Complexity

Trivial

Reliability

Reliable

Target: Zen Cart 1.3.9f, 1.3.9h

Auth required

Prerequisites: Access to admin panel for stored XSS and file upload · User interaction for reflected XSS

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026