Description

extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2009-4321

Related Vulnerabilities

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-4616)

WordPress Plugin Content text slider on post Cross-Site Scripting (6.8)

WordPress Plugin YITH WooCommerce Zoom Magnifier Security Bypass (1.3.11)

WordPress Plugin Tickera-WordPress Event Ticketing Unspecified Vulnerability (3.4.6.7)

WordPress Plugin Fast Secure Contact Form Cross-Site Scripting (4.0.35)

Severity

Medium

Classification

CVE-2009-4321 CWE-20

Tags

Missing Update Known Vulnerabilities