Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.Referenceshttp://www.vupen.com/english/advisories/2006/0546http://secunia.com/advisories/18801http://sourceforge.net/project/shownotes.php?release_id=392886
