Application: Zen Cart
Affected Version: version 1.3.8a (full fileset 12112007) and other versions
Vendor’s URL: Zen Cart
Bug Type: File Inclusion
Risk Level: Critical

Solution:
The vendor recommends to delete the “extras” folder from the webroot.

E-Commerce, File Inclusion