Version: Zen Cart 1.3.8a

This version is increasingly vulnerable.

Today I received messages from 2 past clients reporting "odd" behaviour, as communicated via the web-host:

Hello,

During a recent security scan on the server we perform to protect accounts, we found the following suspicious script on your account:

-----
User: x x x x x
System: x x x x x

Viewscan found the following security issues:

Script: /home/x x x x x x /public_html/count.php
Reason: r57 shell viewer

Script: /home/x x x x x x /public_html/images/profile.php
Reason: r57 shell viewer
Both clients did not take advantage of our offer to upgrade to 1.3.9.

Now they have problems...