Description
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin Catchers Helpdesk and Ticket system for Support Cross-Site Scripting (1.0.3)
IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1489)
WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.9.3)
MySQL CVE-2013-1502 Vulnerability (CVE-2013-1502)
WordPress Plugin Cryptocurrency Donation Box-Bitcoin & Crypto Donations Security Bypass (1.7)