Description

The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322.

Remediation

References

CVE-2009-4323

Related Vulnerabilities

WordPress Plugin Crowd Ideas Cross-Site Scripting (1.0)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7873)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2101)

WordPress 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.5.1)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393)

Severity

High

Classification

CVE-2009-4323

Tags

Missing Update Known Vulnerabilities