Zen Cart “Exploit” Prevention
Zen Cart is a popular e-commerce platform that many of our customers use.
Unfortunately, the current version of Zen Cart has a bug that allows “hackers” to take control of the Zen Cart software, which includes making changes to the Zen Cart database and installing new files. “Exploits” that take advantage of the bug have started circulating widely in the last 24 hours.
We’ve added rules to all our Web servers that block the two forms of attack we’re aware of (the “Zen Cart 1.3.8 Remote Code Execution Exploit” and the “Zen Cart 1.3.8 Remote SQL Execution Exploit”). This should protect our customers in the short term.
However, hackers may find new forms of the attack in the future. Because of that, Zen Cart users should apply the security patch Zen Cart is offering and make sure they’ve followed their security recommendations.