Zen Cart 'extras/curltest.php' Information Disclosure Vulnerability Network Vulnerability

Summary

Zen Cart is prone to an information-disclosure vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to view local files in the context of the webserver process. This may allow the attacker to obtain sensitive information other attacks are also possible.

References

http://www.acunetix.com/blog/websecuritynews/acusensor-curl-and-zen-cart/
http://www.securityfocus.com/bid/37283
http://www.zen-cart.com/
http://www.zen-cart.com/forum/showthread.php?t=142784

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4321

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Apache Tomcat Login Constraints Security Bypass Vulnerability
Apache mod_proxy_ajp Information Disclosure Vulnerability

Take action and discover your vulnerabilities