Running Magento 1.9.0.0 today is highly risky. To secure your site, consider the following:
Repositories such as gwillem/magento-security-resources track community-sourced security checklists and vulnerability databases. Protection and Mitigation magento 1900 exploit github link
A critical vulnerability where attackers can execute arbitrary code on the server through the PHP mail() function. GitHub security advisories like GHSA-26hq-7286-mg8f provide details on how this affects Zend Framework 1, which Magento 1 uses. Running Magento 1
For versions below 1.9.0.1, authenticated users with certain permissions could execute remote code via import features or malicious XML layout updates. How to Find Exploit Links on GitHub magento 1900 exploit github link