ZenCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2009-4322
extras/ipn_test_return.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request which reveals the installation path in an error message.