Description
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin Coming soon and Maintenance mode Cross-Site Scripting (3.5.2)
WordPress Plugin UnGallery Local File Disclosure (1.5.8)
WordPress Plugin ThinkTwit Cross-Site Scripting (1.7.0)
PHP Other Vulnerability (CVE-2015-8880)
WordPress Plugin Import and export users and customers CSV Injection (1.16.3.5)