Jump to content

CubeCart Recommends

Photo

CubeCart 4.3.7 Released + Another Security Patch


This topic has been archived. This means that you cannot reply to this topic.
No replies to this topic

#1 Al

Al

    CubeCart Founder

  • Staff
  • 4,970 posts

Posted 18 November 2009 - 11:36 AM

CubeCart 4.3.7 has been released which patches a possible SQL injection vulnerability found by Sangte Amtham.

It is very straightforward to patch this vulnerability...

Method 1:
Upload the attached file over your existing includes/content/viewProd.inc.php file.
Attached File  viewProd.inc.php   25.35KB   148 downloads
Method 2:
Open includes/content/viewProd.inc.php and find at around line 34:
$_GET['productId'] = sanitizeVar($_GET['productId']);
Replace with:
$_GET['productId'] = (int)sanitizeVar($_GET['productId']);
Security is our number one concern and we are pleased that we have been able to release a patch to this issue the same day it has been made aware to us. Please subscribe to this forum or follow us on Twitter to learn of important CubeCart announcements quickly.