3 matches found
Design/Logic Flaw
The installation for Zen Cart stores sensitive information and insecure programs under the 1 docs, 2 extras, and 3 zcinstall folders, and 4 install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different...
CVE-2009-4321
Zen Cart CVE-2009-4321 affects extras/curltest.php in Zen Cart 1.3.8/1.3.8a (and possibly other versions), allowing remote attackers to read arbitrary local files via a file:// URI. The root cause cited is insufficient sanitization of user-supplied data, enabling information disclosure through th...
CVE-2009-4321
extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information...