Just announced this morning, the Zen Cart core team released a security patch for all versions back to 1.3.8. It addresses a possible sql injection in the product notifications code. This file needs uploading to every Zen Cart version - EVERY ONE! Contact me if you need assistance. I'm presently uploading this to everyone on my server and all my maintenance clients. The Zen Cart forum post is here with a link to the file:... Read more
