ALL VERSIONS of ZEN CART are affected

This security fix is regarded as low risk because a hacker would need to have admin access. However, it is always important to have all security fixes installed, whether they are rated low or high risk.

“In a Nutshell” DETAILS

The popup page for additional images (e.g. index.php?main_page=popup_image_additional) accepts a GET parameter for products_image_large_additional.

Using a crafted URL, an attacker can determine (via the HTML returned) whether a specific file exists on the server. This flaw does not mean the attacker can ACCESS the file, only find out whether it exists on the server.
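Until the fix is installed, web server access logs can be reviewed for requests that use this parameter in unexpected ways. The script below is an added example, not code from Zen Cart or from the official fix. It assumes a combined-format access log and assumes that legitimate values are relative image paths under images/. The sample log lines, addresses and file names are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

PAGE = "popup_image_additional"
PARAM = "products_image_large_additional"
# Assumption: legitimate values are relative image paths under images/.
EXPECTED = re.compile(r"^images/[\w./ -]+\.(?:jpe?g|png|gif|webp)$", re.I)
# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return why a parameter value looks like a probe, or None if it looks normal."""
    path = unquote(value).replace("\\", "/")  # second decode catches double encoding
    if ".." in path.split("/"):
        return "path traversal"
    if path.startswith("/") or "://" in path or re.match(r"[A-Za-z]:", path):
        return "absolute path or URL"
    if not EXPECTED.match(path):
        return "not an image under images/"
    return None

def scan(lines):
    """Return (client, reason, value) for each suspicious popup request."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if PAGE not in query.get("main_page", []):
            continue
        findings += [(client, r, v) for v in query.get(PARAM, []) if (r := classify(v))]
    return findings

# Constructed sample log lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?main_page=popup_image_additional&pID=12&products_image_large_additional=images/large/widget_01_LRG.jpg HTTP/1.1" 200 912',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?main_page=popup_image_additional&products_image_large_additional=..%2Fprivate%2Fexample.txt HTTP/1.1" 200 640',
    '203.0.113.7 - - [01/Jan/2024:10:00:06 +0000] "GET /index.php?main_page=popup_image_additional&products_image_large_additional=%252e%252e%2Fbackup%2Fexample.sql HTTP/1.1" 200 640',
    '203.0.113.7 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?main_page=popup_image_additional&products_image_large_additional=/var/example/file.txt HTTP/1.1" 200 655',
    '203.0.113.7 - - [01/Jan/2024:10:00:08 +0000] "GET /index.php?main_page=popup_image_additional&products_image_large_additional=images/notes.txt HTTP/1.1" 200 655',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?main_page=product_info&products_id=3 HTTP/1.1" 200 4310',
]

if __name__ == "__main__":
    for client, reason, value in scan(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value}")
    print(Counter(client for client, _, _ in scan(SAMPLE_LOG)))
```

Many flagged requests from one client in a short time suggest file-existence probing. A single flagged request may only be a broken link.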

If you would like for us to install this fix on your website, please visit this page. Our charge is $25.

If you want more technical details or would like to install this fix yourself, instructions are included on the official Zen Cart website.
