  1. #1

    Zen Cart Security Vulnerability Alert + Patch

    I just got this email from the Zen Cart Team, and I thought it would be a good idea to share it with the rest of the community.

    Please pardon this mass email. If you are running a Zen Cart store, it's important that you read this message and take action immediately.

    A vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability any attacker must know the URL of your admin section. As our security recommendations point out, you should change the folder that your admin resides in as soon as you installed Zen Cart.

    SO -- THE FIRST STEP YOU **NEED** TO TAKE is to rename your /admin/ folder!

    However we realise that relying on this 'Security through Obscurity' is not foolproof, hence the release of a patch, which can be downloaded from the Zen Cart Support forum, here:

    The zip file there contains a readme.html with full details on how to install the security patch files. The security patch uses Zen Cart's override system to make installation as simple as possible.

    The security patch will work for previous versions in the 1.3.x series.

    Older releases, i.e. v1.2.x, are no longer supported and the patch has not been fully tested on those versions; however, some parts of the patch should still work with v1.2.x (again, see the readme.html file). However, we strongly advise anyone using the 1.2.x versions to upgrade to 1.3.8 as soon as possible.

    The Zen Cart Team takes security matters very seriously. But security is only as good as those who follow posted recommendations. Please apply the appropriate patches and security measures promptly, for your own benefit.

    SUMMARY: Your Action Steps are:

    Yes, if you haven't already renamed your /admin/ folder, do it NOW!
    Instructions can be found here:


    3. Subscribe yourself to the Zen Cart Announcements mailing list:

    4. Keep your site's Zen Cart software up-to-date at all times. Numerous bugs, improvements, and security fixes are included in every new release. It is in your best interests to remain current.

    The Zen Cart Team

  2. #2
    Beat me to it. I got that at about 2 am last night right as I went to bed. Thank god it only took like a minute to install; I was in no mood to do any complicated fix. I am just happy I gave them a legit email address, otherwise I would have been dead in the water, heh.
