CubeCart 2.0.5 Released, Fixes Important Security Issue
Feb 14 2005, 11:28 AM
Group: Staff | Posts: 4,068 | Joined: 9-April 03 | From: Bishops Stortford, UK | Member No.: 1
Hi,
We have released CubeCart 2.0.5 to fix possible Directory Traversal, Path Disclosure and Cross Site Scripting. This is a very important update and we very strongly recommend every CubeCart user to update their software. To fix this security hole, follow the instructions in the download package or the instructions below:

CODE
#################################
## START OF MANUAL FIX
#################################

Files to edit:

1. admin/settings.inc.php

///////////////////////////////
// Open admin/settings.inc.php
////////

At around line 129 find:

+----------------------------------------------------
if ($language)
+----------------------------------------------------

Replace with:

+----------------------------------------------------
if ($language && eregi("^[a-z0-9]+[.inc.php]",$language))
+----------------------------------------------------

2. ver.php

///////////////////////////////
// Open ver.php
////////

Find

+----------------------------------------------------
<?php $estore_ver="2.0.4"; ?>
+----------------------------------------------------

Replace it with:

+----------------------------------------------------
<?php $estore_ver="2.0.5"; ?>
+----------------------------------------------------

#################################
## END OF MANUAL FIX
#################################

Please note that some of the proprietary labels have also changed in our download package following the incorporation of Brooky.com as Devellion Limited.
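The replacement condition in the manual fix above is a regular-expression check on $language. As an added example that is not part of the original post or CubeCart's own code, the PHP below runs that pattern (through preg_match, since eregi was removed in PHP 7) beside a stricter pattern over constructed inputs. The names RELEASED_PATTERN, STRICT_PATTERN, passes and compare_patterns are hypothetical, and the stricter pattern assumes that valid values are file names ending in ".inc.php".

```php
<?php
// Added example, not CubeCart code.

// Pattern exactly as given in the manual fix, with the /i flag standing in
// for eregi()'s case-insensitive matching.
const RELEASED_PATTERN = '/^[a-z0-9]+[.inc.php]/i';

// Hypothetical stricter form (assumption: a valid value is "<name>.inc.php").
// \A and \z anchor the whole string; the dots are escaped so the suffix is
// matched literally instead of as a one-character bracket expression.
const STRICT_PATTERN = '/\A[a-z0-9]+\.inc\.php\z/i';

function passes(string $pattern, string $value): bool
{
    return preg_match($pattern, $value) === 1;
}

// Returns, for each input, whether each pattern accepts it.
function compare_patterns(array $inputs): array
{
    $rows = [];
    foreach ($inputs as $value) {
        $rows[$value] = [
            'released' => passes(RELEASED_PATTERN, $value),
            'strict'   => passes(STRICT_PATTERN, $value),
        ];
    }
    return $rows;
}

// Constructed sample inputs for exercising the validator.
$samples = [
    'english.inc.php',          // expected form
    'english',                  // no suffix at all
    'english.inc.php/../other', // trailing path segments after the suffix
    'english.inc.php<b>',       // trailing markup after the suffix
    '../english.inc.php',       // leading path segment
];

foreach (compare_patterns($samples) as $value => $r) {
    printf("%-28s released=%-3s strict=%s\n", $value,
        $r['released'] ? 'yes' : 'no',
        $r['strict'] ? 'yes' : 'no');
}
```

In the released pattern, `[.inc.php]` is a bracket expression that matches one character from the set `.`, `i`, `n`, `c`, `p`, `h`, and there is no end anchor, so the check constrains only the start of the value. Of the five samples, the released pattern accepts the first four and the strict pattern accepts only the first.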