
11/24/2009 12:47

Zen Cart Users: 1.3.8

URGENT! 

If you are using Zen Cart, you must immediately upgrade. 

Here's the reason:

* Title: Zen Cart "record_company.php" Remote Code Execution
* Description: Zen Cart is a PHP-based e-commerce application. The
application is exposed to an issue that attackers can leverage to execute
arbitrary code. This issue occurs in the "admin/record_company.php" script.
Specifically, the application fails to sufficiently sanitize user-supplied
input to the "frmdt_content" parameter of the "record_company_image" array.
Zen Cart version 1.3.8 is affected.
* Ref: http://www.zen-cart.com/forum/showthread.php?t=130161

The link provided at http://www.zen-cart.com/forum/showthread.php?t=130161
explains the issue in great detail.

While you are at the Zen Cart site, sign up for their free mailing list to be notified of every upgrade they release. This is an urgent matter to keep your sites protected from hackers.

 
