IPB

Welcome Guest ( Log In | Register )

Advertise Here Advertise Here

IMPORTANT NOTICE: These forums have been provided for customer to customer support/discussion. CubeCart staff members may not frequent these forums regularly so please do not expect an official reply. If you have a sales or support question please submit a ticket via our helpdesk and a member of staff will get back to you during office hours.

 
 Reply to this topicStart new topic
CubeCart < 4.3.5 Session Vulnerability, 4.3.5 is patched already
Al
post Nov 2 2009, 09:16 AM
Post #1



Group Icon

Group: Staff
Posts: 4,068
Joined: 9-April 03
From: Bishops Stortford, UK
Member No.: 1
A CubeCart admin session vulnerability was reported to us last week and was quickly patched in CubeCart 4.3.5. In true error we failed to mention this in the release notes. This exploit is not that easy to replicate so only an experienced hacker would be able to cause harm.

We wish to make a formal apology about this as we had absolutely no intention to mask this from our customers. We pride ourselves on honest and responsible and we are sincerely very sorry.

To patch your store please upgrade to CubeCart 4.3.5 or simply upload the attached files over your existing one.

/classes/session/cc_admin_session.php
Attached File  cc_admin_session.php ( 6.13K ) Number of downloads: 138


Please note that this does not affect CubeCart version 3.
Go to the top of the page
 
+Quote Post
« Next Oldest · News & Updates · Next Newest »
 

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

RSS Lo-Fi Version Time is now: 9th February 2010 - 02:35 AM