Zen Cart Arbitrary Code Execution Vulnerability

Summary
The host is running Zen Cart and is prone to an arbitrary code execution vulnerability.
Impact
Successful exploitation allows a remote attacker to execute SQL commands or arbitrary code by uploading a .php file, and to compromise the application or exploit latent vulnerabilities in the underlying database.
Impact Level: Application
Solution
Apply the security patch from the following link: http://www.zen-cart.com/forum/attachment.php?attachmentid=5965
Insight
- An error in the admin/sqlpatch.php file: the input query string passed in the 'query_string' parameter of an execute action is not sanitised when the request carries a PATH_INFO of password_forgotten.php.
- Access to admin/record_company.php is not restricted and can be exploited via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php; the file is then accessed via a direct request to it in images/.
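For reviewing web server access logs for the two request patterns described above, here is an added example (not part of the original advisory or of Zen Cart). The script names and PATH_INFO value come from the advisory; the /shop/ install path, the upload.php file name and the log lines are constructed, and the common/combined log format is assumed.

```python
import re
from urllib.parse import urlsplit, unquote

# Script names and PATH_INFO value come from the advisory; everything else is assumed.
ADMIN_SCRIPTS = {"sqlpatch.php", "record_company.php"}
BYPASS_PATH_INFO = "password_forgotten.php"

# Request and status fields of the common/combined access log format.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify(line):
    """Return a finding label for one access-log line, or None if nothing matches."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    # Decode once and lower-case so %2F or mixed-case variants compare alike.
    path = unquote(urlsplit(m.group("target")).path).lower()
    segments = [s for s in path.split("/") if s]
    # Pattern 1: an admin script followed directly by the PATH_INFO from the advisory.
    for script, extra in zip(segments, segments[1:]):
        if script in ADMIN_SCRIPTS and extra == BYPASS_PATH_INFO:
            return "admin-path-info:" + script
    # Pattern 2: direct request for a PHP file under images/, where only media belongs.
    if "images" in segments[:-1] and segments[-1].endswith(".php"):
        return "php-under-images"
    return None

# Constructed sample lines (documentation IP ranges, hypothetical /shop/ install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2009:10:00:01 +0000] "GET /shop/admin/password_forgotten.php HTTP/1.1" 200 2310',
    '198.51.100.7 - - [01/Jul/2009:10:02:13 +0000] "POST /shop/admin/sqlpatch.php/password_forgotten.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2009:10:02:40 +0000] "POST /shop/admin/record_company.php/password_forgotten.php HTTP/1.1" 200 4876',
    '198.51.100.7 - - [01/Jul/2009:10:02:55 +0000] "GET /shop/images/upload.php HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jul/2009:10:03:30 +0000] "GET /shop/images/logo.gif HTTP/1.1" 200 3391',
]

def scan(lines):
    """Return (line_number, label) for every line that matches a pattern."""
    return [(n, label) for n, line in enumerate(lines, 1) if (label := classify(line))]

if __name__ == "__main__":
    for n, label in scan(SAMPLE_LOG):
        print(n, label)
```

A hit on the first pattern with a 2xx status on an unpatched installation warrants checking images/ for unexpected .php files and reviewing the database for changes.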
Affected
Zen Cart version 1.3.8a and prior