Description

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.

Remediation

References

CVE-2006-0697

Related Vulnerabilities

WordPress Plugin Rating by BestWebSoft Cross-Site Scripting (0.1)

WordPress Plugin ALO EasyMail Newsletter Cross-Site Request Forgery (2.9.2)

Apache HTTP Server Other Vulnerability (CVE-2002-0840)

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-2097)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23171)

Severity

Critical

Classification

CVE-2006-0697 CWE-264

Tags

Missing Update Known Vulnerabilities