Immediate Zen Cart
 Module Downloads


05-12-2016 Patch for Admin Privilege Escalation issue v150-v155

$36.00



DEVELOPMENT SERVICE


This is a service provided by PRO-Webs Inc. for Zen Cart


Description

This patch will be installed on your Zen Cart store running versions 1.5.0 through 1.5.5. Version 1.5.5a is excluded because the patch is already present in it.

It has come to the attention of the Zen Cart team that there existed a potential admin privilege escalation issue, whereby logged-in admin users of Zen Cart versions 1.5.0 to v1.5.5 (pre v1.5.5a) could change their own user profile permissions if they engaged in some hackery.

This only poses a risk when multiple admin users exist in the store AND some have been assigned a profile restricting their privileges to disallow access to certain admin sections, AND they have some malicious desire to gain access to changing their settings or to view data from which they've been restricted.

The fix is simple: copy the Zen Cart v1.5.5a version of /admin/admin_account.php to replace your existing /(your-renamed-admin)/admin_account.php file. This file must be merged if you have edited it for any reason.



          


Download Details

Offer
  • Item Number: 05-20-2016
  • Price: $36
  • Payments Accepted: PayPal, Visa, MasterCard, Discover
  • Available at: ZenCart.codes