The mentioned vulnerabilities may be remedied by upgrading to v1.2.7: http://www.zen-cart.com/modules/ipb/index.php?showtopic=41626