A security vulnerability has been reported for Zen Cart v1.5.7 and v1.5.7a, which is fixed by v1.5.7b (released today)

All stores using v1.5.7 or v1.5.7a should patch themselves immediately.

While your exposure is "limited" if your Admin directory name is unknown and not guessable, you still need to apply this patch ASAP.

If you are using v1.5.7a
then you can apply the changed files in this patch:
https://github.com/zencart/zencart/r...7a-to-157b.zip

If you are using v1.5.7 but not v1.5.7a yet,
then you can update in 2 stages:
1) if you have limited time, apply just the changes in this patch1 zip:
https://github.com/zencart/zencart/r...ity-patch1.zip
and then
2) handle the proper upgrade to v157b when you have a little more time available.

REMEMBER: In these zips the "admin" directory refers to whatever *your* renamed-admin directory name is. Use FTP or your hosting company's file manager to upload replacements of these files.

REMEMBER: For non-admin files, all template and module files that you have overrides for will need to be merged manually.