A vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability any attacker must know the URL of your admin section
Please apply the following updates
1. RENAME YOUR ADMIN FOLDER !!!!!
Yes, if you haven’t already renamed your /admin/ folder, do it NOW!
Instructions can be found here: http://tutorials.zen-cart.com/index.php?article=33
2. APPLY THE SECURITY PATCH !!!
3. Subscribe yourself to the Zen Cart Announcements mailing list:
4. Keep your site’s Zen Cart software up-to-date at all times. Numerous bugs, improvements, and security fixes are included in every new release. It is in your best interests to remain current.
Hope the above helps