CVE-2009-4321

Zen Cart <1.3.8-1.3.8a - Info Disclosure

Title source: llm
STIX 2.1

Description

extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other versions, allows remote attackers to read arbitrary files via a file:// URI. NOTE: some of these details are obtained from third party information.

References (8)

Core 8
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3474
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/60892
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37283
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54687
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508340/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37630

Scores

EPSS 0.0247
EPSS Percentile 82.6%

Details

CWE
CWE-20
Status published
Products (2)
zen-cart/zen_cart 1.3.8
zen-cart/zen_cart 1.3.8a
Published Dec 14, 2009
Tracked Since Feb 18, 2026