Release DateAug 25, 2009 |
Severityhigh |
ImpactSystem compromise |
DescriptionThis indicates an attack attempt against a code-execution vulnerability in Zen Cart.The vulnerability is caused by an error when the vulnerable software handles a malicious POST request. It allows a remote attacker to execute arbitrary code via sending a crafted web page. |
Affected ProductsZen Cart 1.3.8 is vulnerable; other versions may also be affected. |
Recommended ActionsApply the patch, available at the following web site:http://www.zen-cart.com/forum/showthread.php?t=130161 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-2255 |
Reference/shttp://www.securityfocus.com/bid/35467 (BugTraq) |
