Immediate Zen Cart
 Module Downloads

05-12-2016 Patch for Admin Privilege Escalation issue v150-v155


Add to Cart:


This is a service provided by PRO-Webs Inc. for Zen Cart


The following patch will be installed for your Zen Cart versions 1.5.0 through 1.5.5, excluding 1.5.5a in which the patch is already present.

It has come to the attention of the Zen Cart team that there existed a potential admin privilege escalation issue, whereby logged-in admin users of Zen Cart versions 1.5.0 to v1.5.5 (pre v1.5.5a) could change their own user profile permissions if they engaged in some hackery.

This only poses a risk when multiple admin users exist in the store AND some have been assigned a profile restricting their privileges to disallow access to certain admin sections -  AND they have some malicious desire to gain access to changing their settings or to view data against from which they've been restricted.

The fix is simple: copy the Zen Cart v1.5.5a version of /admin/admin_account.php to replace your existing /(your-renamed-admin)/admin_account.php file. This file must be merged if you have edited it for any reason.


Download Details

  • Item Number: 05-20-2016
  • Price: $36
  • Payments Accepted: PayPal, Visa, MasterCard, Discover
  • Available at: