Zen Cart Plugin Downloads
& Development Services

05-12-2016 Patch for Admin Privilege Escalation issue v150-v155


Add to Cart:


This is a service provided by PRO-Webs Inc. for Zen Cart


Zen Cart Admin Privilege Escalation Patch

This patch is for Zen Cart versions 1.5.0 to 1.5.5.

The following patch will be installed for your Zen Cart versions 1.5.0 through 1.5.5, excluding 1.5.5a in which the patch is already present.

It has come to the attention of the Zen Cart team that there existed a potential admin privilege escalation issue, whereby logged-in admin users of Zen Cart versions 1.5.0 to v1.5.5 (pre v1.5.5a) could change their own user profile permissions if they engaged in some hackery.

This only poses a risk when multiple admin users exist in the store AND some have been assigned a profile restricting their privileges to disallow access to certain admin sections -  AND they have some malicious desire to gain access to changing their settings or to view data against from which they've been restricted.

The fix is simple: copy the Zen Cart v1.5.5a version of /admin/admin_account.php to replace your existing /(your-renamed-admin)/admin_account.php file. This file must be merged if you have edited it for any reason.

There are no database changes, some core file edits. In order to complete this installation we will need FTP credientials. Do not put these credentials in checkout or email, we will send you a secure form to collect the necessary information.


Download Details

  • Item Number: 05-20-2016
  • Price: $36
  • Payments Accepted: PayPal, Visa, MasterCard, Discover
  • Available at: ZenCart.codes