Black Friday Looms for Millions of Zen Cart Online Shoppers

By ISBuzz Team
Writer, Information Security Buzz | Nov 29, 2015 09:00 pm PST

Web application security firm High-Tech Bridge notified Zen Cart, one of the largest online store management systems, of a critical flaw that comes at a time when online retailers witness high sales with Black Friday and Christmas shopping.

The detected vulnerability allows remote attackers to execute arbitrary code on the vulnerable web applications with the privileges of the web server, compromise entire web application databases (including all customers’ data), and place malware on the vulnerable website. The vendor has already been notified about the issue.

Zen Cart is used on hundreds of thousands of live e-commerce websites. Ilia Kolochenko, High-Tech Bridge’s CEO and Chief Architect of ImmuniWeb, has the following comments on it.

Ilia Kolochenko, CEO of High-Tech Bridge and Chief Architect of ImmuniWeb:

“Critical flaws in such popular software are very rare these days. Typically, popular e-commerce web applications are prone to medium-risk XSSs or CSRFs, or to more dangerous vulnerabilities that, however, require very specific conditions of exploitation, or chained exploitation together with other vulnerabilities.

“This case is a good example and confirmation that continuous security testing is critical to keep modern online retailers safe. Quarterly vulnerability scanning and a WAF are definitely good, but not enough anymore. We hope that the patch will be released shortly, and we strongly recommend that all administrators of affected systems apply it as soon as possible.”
