Description

extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2009-4321

Related Vulnerabilities

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Multiple Vulnerabilities (4.1.2)

Drupal Core 5.x Local File Inclusion (5.0 - 5.15)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (7.1.04)

Magento Session Fixation Vulnerability (CVE-2019-7849)

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18084)

Severity

Medium

Classification

CVE-2009-4321 CWE-20

Tags

Missing Update Known Vulnerabilities