Zen Cart: Security Patch
Zen Cart just released an important security patch. Here is the issue as stated by the Zen Cart team.
A vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability, any attacker must know the URL of your admin section. As our security recommendations point out, you should change the folder that your admin resides in as soon as you have installed Zen Cart.
However, we realise that relying on this ‘Security through Obscurity’ is not foolproof, hence the release of this patch.
A link to the patch file is posted below. Please download the patch file and unzip it. The zip file contains a readme.html with full details on how to install the security patch files. In the main, the security patch uses Zen Cart’s override system to make installation as simple as possible.
The security patch will work for previous versions in the 1.3.x series. Older releases, i.e. v1.2.x, are no longer supported and the patch has not been fully tested on those versions; however, some parts of the patch should still work with v1.2.x (again, see the readme.html file). However, we strongly advise anyone using the 1.2.x versions to upgrade to 1.3.8 as soon as possible.
Thanks to Ghyslain/BlackH for alerting us to one aspect of this vulnerability.
I highly suggest downloading the patched files and installing them or contacting a Zen Cart professional.
Via the Zen-cart.com forum.






