Black Friday Looms for Millions of Zen Cart Online Shoppers


Web application security firm High-Tech Bridge notified Zen Cart, one of the largest online store management systems, of a critical flaw that comes at a time when online retailers witness high sales with Black Friday and Christmas shopping.

The detected vulnerability allows remote attackers to execute arbitrary code on vulnerable web applications with the privileges of the web server, compromise entire web application databases (including all customers’ data), and place malware on the vulnerable website. The vendor has already been notified about the issue.

Zen Cart is used on hundreds of thousands of live e-commerce websites. Ilia Kolochenko, High-Tech Bridge’s CEO and Chief Architect of ImmuniWeb, has the following comments on it.

Ilia Kolochenko, CEO of High-Tech Bridge and Chief Architect of ImmuniWeb:

“Critical flaws in such popular software are very rare these days. Typically, popular e-commerce web applications are prone to medium-risk XSSs or CSRFs, or to more dangerous vulnerabilities that, however, require very specific conditions of exploitation, or chained exploitation together with other vulnerabilities.

“This case is a good example and confirmation that continuous security testing is critical to keep modern online retailers safe. Quarterly vulnerability scanning and a WAF are definitely good, but not enough anymore. We hope that the patch will be released shortly, and we strongly recommend that all administrators of affected systems apply it as soon as possible.”

About Ilia Kolochenko
Ilia Kolochenko is the founder of web security company High-Tech Bridge and a chief architect of ImmuniWeb® web application security platform. Ilia previously worked as a penetration tester, IT security expert and manager for various financial institutions in Switzerland and Central Europe. Ilia holds a bachelor’s degree with honors in Mathematics and Computer Science. Ilia also has a military background from Swiss artillery troops where he served prior to creating High-Tech Bridge.
