CVE-2009-4322

Published: Dec 14, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

Affected (1)

Products: Zen Cart: Zen Cart

Zen Cart

1 product

Zen Cart

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zen Cart Zen Cart	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.acunetix.com/blog/websecuritynews/acusensor-curl-and-zen-cart/

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/508340/100/0/threaded

Source: cve@mitre.org

http://www.zen-cart.com/forum/showthread.php?t=142784

Source: cve@mitre.org

Exploit

http://www.acunetix.com/blog/websecuritynews/acusensor-curl-and-zen-cart/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/508340/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zen-cart.com/forum/showthread.php?t=142784

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.