Description

extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2009-4321

Related Vulnerabilities

PHP Other Vulnerability (CVE-2003-0863)

Artifactory Incorrect Authorization Vulnerability (CVE-2021-45730)

WordPress Plugin Forms:3rd-Party Inject Results Cross-Site Scripting (0.2)

MySQL CVE-2017-10320 Vulnerability (CVE-2017-10320)

Joomla Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-26038)

Severity

Medium

Classification

CVE-2009-4321 CWE-20

Tags

Missing Update Known Vulnerabilities