Description
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin Conditional Marketing Mailer for WooCommerce Cross-Site Request Forgery (1.5.2)
WordPress Plugin Question and Answer Forum 'title' Variable Cross-Site Scripting (1.2.4)
WordPress Plugin WordPress Filter Gallery Security Bypass (0.0.6)
WordPress Plugin Paid Business Listings Blind SQL Injection (1.0.2)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6635)