Description

extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Remediation

References

CVE-2009-4322

Related Vulnerabilities

WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2)

WordPress Plugin PowerPress Podcasting by Blubrry Malicious Code (11.9.4)

MySQL CVE-2020-14861 Vulnerability (CVE-2020-14861)

Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-41079)

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

Severity

Medium

Classification

CVE-2009-4322 CWE-200

Tags

Missing Update Known Vulnerabilities