Description
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different vulnerabilities than CVE-2009-4321 and CVE-2009-4322.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Booking Calendar SQL Injection (1.6.1)
OpenSSL Improper Certificate Validation Vulnerability (CVE-2023-0466)
PHP Resource Management Errors Vulnerability (CVE-2007-4660)
WordPress Plugin WP Link To Us Multiple Cross-Site Scripting Vulnerabilities (2.0)
WordPress Plugin Download Manager Multiple Cross-Site Scripting Vulnerabilities (3.2.48)