Description
extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-1875 Vulnerability (CVE-2006-1875)
WordPress Plugin Hitasoft FLV Player 'id' Parameter SQL Injection (1.1)
MySQL CVE-2019-2741 Vulnerability (CVE-2019-2741)
WordPress Plugin SendPress Newsletters Cross-Site Scripting (1.20.7.10)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-17485)