We will completely patch your Zen Cart version 1.3.8 with the following patches and security fixes as set forth by Zen Cart.
This service includes additional security settings and Zen Cart services as noted below:
- Admin Security Patch June 12, 2008 – A security vulnerability in Zen Cart v1.3.x was announced on a few security forums (10-JUL-2008). It was purported to be a Local File Inclusion vulnerability in 2 scripts in the Zen Cart Admin.
- Injection Protection Patch September 19, 2008 – A vulnerability in Zen Cart has been identified which could potentially allow rogue behavior if the site has magic_quotes_gpc turned off in their server/site’s PHP settings.
- Admin Security Patch June 19, 2009 – A vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability, an attacker must know the URL of your admin section. As our security recommendations point out, you should change the folder that your admin resides in as soon as you have installed Zen Cart.
- PCI Patch for Low Priority Warnings on Search June 27, 2009 – There are some reports of sites failing PCI scans due to an error message that can appear on the search screen if someone attempts to do a SQL injection attack. While the attack fails, an error message appears which, to the purists, discloses the name of the database table and thus gets flagged as a problem. While it’s a minor issue and poses no actual direct vulnerability, the PCI scan will fail.
- The write permissions (file permissions) on your Zen Cart configure files and other installation files will be verified and, where needed and possible, corrected.
- We will verify the deletion of your Zen Cart installation folder and rename your admin directory.
- We will check your Zen Cart configuration for common security misconfigurations and repair them or advise you where possible.
- IMPORTANT Security Alert - 11/28/2009 - Remove extra folders from your server after install.
- XSS protection patch - 11/30/2009 - While XSS or CSRF attacks are difficult to trigger and may not manifest very often, it is still important to protect against the ill effects which could be caused by them.
Note that this service requires full access to complete. This includes the hosting control panel, FTP and Zen Cart admin. DO NOT send your information in the comments of your order; we will send you a secure form to provide your information.
This service is NOT available for Windows servers, and some Cloud and Plesk hosting environments may incur additional fees to complete the work. If this is the case, you will be notified up front of the additional cost and can request to cancel your order at that time. This service is currently ONLY available for 1.3.8, as you are recommended to upgrade to maintain a secure shopping environment and PCI compliance.