Jump to content

CubeCart < 4.3.5 Session Vulnerability


Al Brookbanks

Recommended Posts

A CubeCart admin session vulnerability was reported to us last week and was quickly patched in CubeCart 4.3.5. In true error we failed to mention this in the release notes. This exploit is not that easy to replicate so only an experienced hacker would be able to cause harm.

We wish to make a formal apology about this as we had absolutely no intention to mask this from our customers. We pride ourselves on honest and responsible and we are sincerely very sorry.

To patch your store please upgrade to CubeCart 4.3.5 or simply upload the attached files over your existing one.

/classes/session/cc_admin_session.php

cc_admin_session.php

Please note that this does not affect CubeCart version 3.

Link to comment
Share on other sites

×
×
  • Create New...