CVE-2025-8771 | Zen Cart 2.1.0 index.php?cmd=sqlpatch missing authentication

Inserito da Angelo Barbosa | Ago 8, 2025 | CVE

A vulnerability classified as critical was found in Zen Cart 2.1.0. This vulnerability affects unknown code of the file /zencart/Horse-Kgc-fRizz/index.php?cmd=sqlpatch. The manipulation leads to missing authentication.

This vulnerability was named CVE-2025-8771. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8771 | Zen Cart 2.1.0 index.php?cmd=sqlpatch missing authentication

Post correlati

CVE-2023-49108 | Sumitomo Electric Information Systems RakRak Document Plus up to 6.4.0.7 path traversal

CVE-2025-6939 | TOTOLINK A3002RU 3.0.0-B20230809.1615 HTTP POST Request /boafrm/formWlSiteSurvey submit-url buffer overflow

CVE-2023-50651 | Totolink X6000R 9.4.0cu.852_B20230719 /cgi-bin/cstecgi.cgi Privilege Escalation

CVE-2024-33051 | Qualcomm Snapdragon Auto up to QCC2073 Beacon Frame buffer over-read