Intrusion Prevention

Zen.Cart.Record.Company.Code.Execution

Description

This indicates an attack attempt against a code-execution vulnerability in Zen Cart.
The vulnerability is caused by an error when the vulnerable software handles a malicious POST request. It allows a remote attacker to execute arbitrary code via sending a crafted web page.

Affected Products

Zen Cart 1.3.8 is vulnerable; other versions may also be affected.

Impact

System compromise

Recommended Actions

Apply the patch, available at the following web site:
http://www.zen-cart.com/forum/showthread.php?t=130161

CVE References

CVE-2009-2255