PT-2005-4733 · Zen Cart · Zen Cart

Published

2005-12-05

·

Updated

2018-10-19

·

CVE-2005-3997

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zen Cart versions 1.2.6d and earlier

Description

The issue allows remote attackers to obtain sensitive information via direct requests to certain files in the admin/includes directory. This includes files such as graphs/banner_daily.php, graphs/banner_infobox.php, graphs/banner_yearly.php, graphs/banner_monthly.php, application_bottom.php, attributes_preview.php, modules/category_product_listing.php, modules/copy_to_confirm.php, modules/delete_product_confirm.php, and modules/move_product_confirm.php. The resulting error message leaks the web server path.

Recommendations

For Zen Cart versions 1.2.6d and earlier, restrict access to the admin/includes directory to minimize the risk of exploitation. Consider implementing proper access controls and configuring the web server to prevent direct requests to sensitive files.
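
One way to check from web server access logs whether the restriction recommended above is in effect, as an added example that is not part of the original advisory or of Zen Cart: it flags direct requests to .php files under admin/includes and marks those the server answered instead of refusing. The log lines are constructed, and the function name, the `include_dir` parameter and the 2xx/5xx "served" heuristic are assumptions.

```python
import re
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def direct_include_hits(lines, include_dir="/admin/includes/"):
    """Return (client, path, status, served) for every direct request to a
    .php file under include_dir (hypothetical helper; adjust include_dir if
    the admin directory has been renamed).

    served=True means the server ran the script (2xx or 5xx) instead of
    refusing it (3xx/4xx), so the access restriction is not in effect there.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, _method, target, status = m.groups()
        # Drop the query string, decode %xx, collapse repeated slashes.
        path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0]))
        lowered = path.lower()
        if include_dir.lower() in lowered and lowered.endswith(".php"):
            code = int(status)
            hits.append((client, path, code, code < 300 or code >= 500))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2005:10:00:01 +0000] "GET /admin/includes/application_bottom.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [05/Dec/2005:10:00:02 +0000] "GET /admin/includes/graphs/banner_daily.php HTTP/1.1" 403 199',
    '198.51.100.7 - - [05/Dec/2005:10:01:00 +0000] "GET /admin/index.php HTTP/1.1" 200 4096',
    '198.51.100.7 - - [05/Dec/2005:10:01:01 +0000] "GET /admin/includes/stylesheet.css HTTP/1.1" 200 900',
    '192.0.2.44 - - [05/Dec/2005:10:02:00 +0000] "GET /shop/admin/includes/modules/copy_to_confirm.php?x=1 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for client, path, code, served in direct_include_hits(SAMPLE_LOG):
        print(f"{'SERVED ' if served else 'refused'} {code} {client} {path}")
```

Once the directory is restricted, every hit should come back as refused; a served entry identifies a path where the error message, and with it the web server path, can still be returned.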

Fix

Related identifiers

CVE-2005-3997

Affected products

Zen Cart