On 6/21/2009 the Zen Cart development team posted the following security vulnerability patch. (Security Patch)
The patch addresses a vulnerability discovered in the administration section of Zen Cart 1.3.8a, but it applies to all 1.3.X and 1.2.X installations.
1.3.X Zen Cart owners are advised to apply the patch immediately. It contains one core file overwrite, and the patch package includes instructions for merging the changes into html_output.php should customizations exist in that file.
1.2.X Zen Cart owners are advised that the best course of action is to upgrade to the current stable release, 1.3.8a. The patch file alone (includes/function/extra_functions/security_patch_v138_20090619.php) contained in the patch release is compatible with the 1.2.X versions and should be applied as a safety measure. Note that upgrading is the only correct way to secure a 1.2.X Zen Cart installation; this workaround is in no way a completely satisfactory route to take.