Zen Cart · CVE-2009-2254
**Name of the Vulnerable Software and Affected Versions**
Zen Cart versions 1.3.8a, 1.3.8, and earlier
**Description**
SQL injection in `admin/sqlpatch.php` allows remote attackers to execute arbitrary SQL commands via the `query_string` parameter of the `execute` action (`action=execute`), when the request carries a `PATH_INFO` of `password_forgotten.php` (that is, a request for `admin/sqlpatch.php/password_forgotten.php` rather than `admin/sqlpatch.php`). The PATH_INFO suffix is what makes the issue exploitable without credentials: the admin authentication check exempts the password-forgotten page by filename, and a request path that ends in that name satisfies the exemption even though the script actually executed is `sqlpatch.php`. Administrative authentication is therefore not required to reach `admin/sqlpatch.php`, and the `execute` action passes the attacker-supplied `query_string` value to the database, so any statement the store's database user is permitted to run can be executed, including changes to the `admin` table.
**Recommendations**
For Zen Cart versions 1.3.8a, 1.3.8, and earlier, apply the vendor's fix or upgrade to a version in which the issue is resolved. Until then, restrict access to `admin/sqlpatch.php` at the web server level (deny it outright, or allow it only from trusted addresses behind HTTP authentication), or remove the file if you do not apply SQL patches through the admin interface. Because the bypass depends on `PATH_INFO`, also reject requests to admin scripts that carry a path suffix after the `.php` filename; Zen Cart's admin pages do not need it. Do not rely on removing or disabling the `query_string` parameter of the `execute` action on its own: the parameter is attacker-controlled, and the missing authentication check, not the parameter, is what exposes the script to unauthenticated users. Finally, review web server access logs for requests to `sqlpatch.php` with a `password_forgotten.php` path suffix and `action=execute`; a hit means the database, including admin credentials, should be treated as compromised.
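The following is an added example, not code from the Zen Cart project or from the original advisory. It shows the log review and the request guard suggested above: it parses Apache combined-format access log lines (the sample lines are constructed for this example), flags the CVE-2009-2254 request shape (`sqlpatch.php` reached through a `password_forgotten.php` `PATH_INFO` suffix with `action=execute`), and also flags the broader auth-bypass primitive on any admin script, on the assumption, stated in the code, that Zen Cart admin scripts never legitimately take a `PATH_INFO` suffix. The function and severity names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-format access log lines for this example (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2009:10:01:02 +0000] "GET /shop/admin/sqlpatch.php/password_forgotten.php?action=execute&query_string=UPDATE+admin+SET+admin_pass%3D%27x%27 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jun/2009:10:02:15 +0000] "GET /shop/admin/password_forgotten.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Jun/2009:10:03:44 +0000] "POST /shop/admin/sqlpatch.php?action=execute HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jun/2009:10:04:01 +0000] "GET /shop/admin/categories.php/password_forgotten.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.5 - - [12/Jun/2009:10:05:30 +0000] "GET /shop/index.php?main_page=index HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# A .php script name followed by extra path segments (PATH_INFO). The admin directory
# is not matched by name because Zen Cart installs commonly rename it.
ADMIN_PATHINFO_RE = re.compile(r'/(?P<script>[A-Za-z0-9_]+\.php)(?P<pathinfo>/[^?]+)$')


def classify(target):
    """Return the list of findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    path = unquote(parts.path)              # decode %2F etc. before matching
    query = parse_qs(parts.query)
    findings = []
    m = ADMIN_PATHINFO_RE.search(path)
    pathinfo = m.group('pathinfo') if m else ''
    script = m.group('script') if m else path.rsplit('/', 1)[-1]
    # Auth-bypass primitive: PATH_INFO ending in password_forgotten.php on any other script.
    if pathinfo.endswith('/password_forgotten.php') and script != 'password_forgotten.php':
        findings.append('auth-bypass-pathinfo')
    # SQL execution sink: sqlpatch.php with action=execute (query_string may also arrive in a POST body).
    if script == 'sqlpatch.php' and query.get('action') == ['execute']:
        findings.append('sqlpatch-execute')
        if 'query_string' in query:
            findings.append('sqlpatch-query_string')
    return findings


def severity(findings):
    """Map findings to a triage level; both primitives together is the CVE-2009-2254 shape."""
    if 'auth-bypass-pathinfo' in findings and 'sqlpatch-execute' in findings:
        return 'critical'
    if 'auth-bypass-pathinfo' in findings:
        return 'high'
    return 'review'     # sqlpatch.php used with action=execute, possibly by a real admin


def scan_log(text):
    """Return (client_ip, target, severity) for every suspicious request in the log text."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = classify(m.group('target'))
        if findings:
            hits.append((m.group('ip'), m.group('target'), severity(findings)))
    return hits


def should_block(target):
    """Interim front-proxy guard (assumption: no admin script legitimately takes PATH_INFO):
    refuse any admin request with a PATH_INFO suffix, and any request for sqlpatch.php."""
    path = unquote(urlsplit(target).path)
    m = ADMIN_PATHINFO_RE.search(path)
    script = m.group('script') if m else path.rsplit('/', 1)[-1]
    return bool(m) or script == 'sqlpatch.php'


if __name__ == '__main__':
    for ip, target, level in scan_log(SAMPLE_LOG):
        print(f'{level:8} {ip:15} {target}')
```

The first constructed line is the CVE-2009-2254 shape and is reported as critical; the `categories.php/password_forgotten.php` request is reported as high because the same bypass would work against other admin scripts; the plain `POST sqlpatch.php?action=execute` is left for review, since it may be an authenticated administrator. `should_block` is deliberately blunt for use in front of an unpatched store; once the vendor fix is applied, only the `sqlpatch.php` restriction needs to remain.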