Description
extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-1999-0407)
Oracle Database Server CVE-2011-0838 Vulnerability (CVE-2011-0838)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.14)
Kong Server Incorrect Authorization Vulnerability (CVE-2021-27306)
WordPress Plugin Fluid Responsive Slideshow Multiple Vulnerabilities (2.2.6)