Improper input validation in Zen-cart Zen_cart

CVE-2009-4321

extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.025 (82.4th percentile) — read the EPSS interpretation.

Affected products

Zen-cart Zen_cart — versions 1.3.8, 1.3.8a
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)