CVE-2009-4322
Zen Cart - Exposure of Sensitive Information via Direct Request to extras/ipn_test_return.php
Title source: llmDescription
extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://www.acunetix.com/blog/websecuritynews/acusensor-curl-and-zen-cart/
Exploit x_refsource_misc
http://www.zen-cart.com/forum/showthread.php?t=142784
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508340/100/0/threaded
Scores
EPSS
0.0132
EPSS Percentile
67.4%
Details
CWE
CWE-200
Status
published
Products (1)
zen-cart/zen_cart
Published
Dec 14, 2009
Tracked Since
Feb 18, 2026