Zen Cart 'extras/curltest.php' Information Disclosure Vulnerability

Zen Cart is prone to an information-disclosure vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to view local files in the context of the webserver process. This may allow the attacker to obtain sensitive information; other attacks are...

Zen Cart extras/curltest.php Information Disclosure

The installed version of Zen Cart includes a test script, 'extras/curltest.php', intended for testing that the curl PHP library is installed and working properly. It fails, though, to restrict access and can be abused to access arbitrary URLs, including local files via the 'file' protocol handler...