Description
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Remediation
References
Related Vulnerabilities
OpenSSL Improper Certificate Validation Vulnerability (CVE-2019-1552)
WordPress Plugin Simple Feature Requests Free Unspecified Vulnerability (1.0.4)
WordPress Plugin Essential Grid Portfolio-Photo Gallery Security Bypass (1.1.2)
WordPress Plugin Media File Renamer-Auto & Manual Rename Cross-Site Scripting (1.7.0)