Description

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.

Remediation

References

CVE-2006-0697

Related Vulnerabilities

Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)

WordPress Plugin Cookie Consent for WP-Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) Cross-Site Scripting (3.2.0)

WordPress Plugin Easy Author Image Information Disclosure (1.5)

WordPress Plugin Chamber Dashboard Member Manager Cross-Site Scripting (2.0.5)

WordPress Plugin mb.YTPlayer for background videos Unspecified Vulnerability (1.7.2)

Severity

Critical

Classification

CVE-2006-0697 CWE-264

Tags

Missing Update Known Vulnerabilities