CubeCart Forums: CubeCart < 4.3.5 Session Vulnerability - CubeCart Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

CubeCart < 4.3.5 Session Vulnerability 4.3.5 is patched already

#1 User is offline   Al 

  • Group: Staff
  • Posts: 4,120
  • Joined: 09-April 03

Post icon  Posted 02 November 2009 - 09:16 AM

A CubeCart admin session vulnerability was reported to us last week and was quickly patched in CubeCart 4.3.5. In true error we failed to mention this in the release notes. This exploit is not that easy to replicate so only an experienced hacker would be able to cause harm.

We wish to make a formal apology about this as we had absolutely no intention to mask this from our customers. We pride ourselves on honest and responsible and we are sincerely very sorry.

To patch your store please upgrade to CubeCart 4.3.5 or simply upload the attached files over your existing one.

/classes/session/cc_admin_session.php
Attached File  cc_admin_session.php (6.13K)
Number of downloads: 151

Please note that this does not affect CubeCart version 3.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users