Web application security firm High-Tech Bridge has notified Zen Cart, one of the largest online store management systems, of a critical flaw. The disclosure comes at a time when online retailers are seeing high sales from Black Friday and Christmas shopping.
The detected vulnerability allows remote attackers to execute arbitrary code on vulnerable web applications with the privileges of the web server, compromise entire web application databases (including all customers’ data), and place malware on the vulnerable website. The vendor has already been notified about the issue.
Zen Cart is used on hundreds of thousands of live e-commerce websites. Ilia Kolochenko, High-Tech Bridge’s CEO and Chief Architect of ImmuniWeb, has the following comments on it.