While implementing the latest security patch, I discovered that two of my subdirectories seem to be not protected by .htaccess and thus instead of producing a blank web page, it produces a "live" web page (with content, links, etc.).
The two subdirectories are:
1. /editors/htmlarea/
2. /editors/htmlarea/examples/
I checked some other zen-cart based stores on the web to see if they exhibit the same behavior and they do (i.e. this seems to be zen-cart's default, not specific to my site).
Is this a potential security problem?
Or is this by design?
Thanks.
Bookmarks