CubeCart Forums: 3.0.0 - 3.0.6 Vulnerability Fix - CubeCart Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

3.0.0 - 3.0.6 Vulnerability Fix admin/filemanager/upload.php

#1 User is offline   Al 

  • Group: Staff
  • Posts: 4,120
  • Joined: 09-April 03

Posted 24 December 2005 - 10:20 AM

A vulnerability has been discovered which allows the execution of admin/filemanager/upload.php without an administration session present.

To fix this either upload the attached file over your existing file. Or follow the instructions below:

Open /admin/filemanager/upload.php with a text editor such as notepad.

Find line 31:
include("../../classes/gd.inc.php");


Directly after this add:
include("../includes/auth.inc.php");
if(permission("filemanager","write")==FALSE){
	header("Location: ".$GLOBALS['rootRel']."admin/401.php");
	exit;
}

Attached File(s)


This post has been edited by brooky: 24 December 2005 - 11:53 AM

0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users