IMPORTANT: Security Patch, Affects all versions prior to 3.0.12 released later today
Aug 17 2006, 08:52 AM
Group: Staff | Posts: 4,068 | Joined: 9-April 03 | From: Bishops Stortford, UK | Member No.: 1
Security Patch

A vulnerability report has been issued to us concerning XSS (Cross Site Scripting) and MySQL Injection vulnerabilities in all current versions of CubeCart. Please see: http://bugs.cubecart.com/?do=details&id=523

We urge all to patch their stores at the first possible opportunity. This vulnerability is due to the fact certain variables are not properly sanitized. This patch resolves the issues using the treatGet function already in place in the code.

To upgrade please download the file CubeCart_Patch_17Aug06.zip, extract it and upload the contents over the files that already reside on your site. Manual upgrade instructions can be found in the file CubeCart_Patch_17Aug06_changelog.html which is also attached.

Even if you don't use the Authorize.net or Protx module you must update the files!

CubeCart 3.0.12

A new release will be made today which includes this patch and Spam Bot flood control protection as we have had reports of the tell a friend tool being abused. There will also be path upgrades in the PayPal SDK and other minor issues fixed.

Attached File(s)
CubeCart_Patch_17Aug06.zip ( 13.79K )
Number of downloads: 34067
CubeCart_Patch_17Aug06_changelog.html ( 31.05K )
Number of downloads: 1066