3.0.X Vulnerability Security Update


Al Brookbanks

It has come to our attention that there is a security problem in all versions of CubeCart prior to 3.0.7 which will be released later today.

This is an absolutely vital security patch which all store owners must apply.

Please open the following files:

includes/orderSuccess.inc.php <-- Vital File to Patch

includes/content/viewProd.inc.php

includes/content/viewOrders.inc.php

includes/content/viewOrder.inc.php

includes/content/viewDoc.inc.php

includes/content/viewcat.inc.php

includes/content/unsubscribe.inc.php

includes/content/tellafriend.inc.php

includes/content/overWeight.inc.php

includes/content/noShip.inc.php

includes/content/newsletter.inc.php

includes/content/logout.inc.php

includes/content/login.inc.php

includes/content/index.inc.php

includes/content/gateway.inc.php

includes/content/forgotPass.inc.php

includes/content/dnExpire.inc.php

includes/content/confirmed.inc.php

includes/content/changePass.inc.php

includes/content/cart.inc.php

includes/content/account.inc.php

includes/boxes/siteDocs.inc.php

includes/boxes/shoppingCart.inc.php

includes/boxes/session.inc.php

includes/boxes/searchForm.inc.php

includes/boxes/saleItems.inc.php

includes/boxes/randomProd.inc.php

includes/boxes/popularProducts.inc.php

includes/boxes/mailList.inc.php

includes/boxes/language.inc.php

includes/boxes/info.inc.php

includes/boxes/currency.inc.php

includes/boxes/categories.inc.php

includes/boxes/cartNavi.inc.php

includes/session.inc.php

includes/currencyVars.inc.php

Find at around line 31:

if(!isset($config)){

or:

if(!isset($glob)){

Replace this with:

if (!ereg("index.php|cart.php|download.php|switch.php|confirmed.php",$_SERVER['PHP_SELF'])) {

Edited by brooky
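
One way to confirm the edit above reached every file, as an added example that is not part of the original post or of CubeCart's code: it scans the top of each `*.inc.php` under `includes/` for the old and the new guard line. The 40-line window, the function names and the sample tree are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

HEAD_LINES = 40  # assumption: the post places the guard "at around line 31"
# Old guard lines quoted in the post, tolerant of spacing differences.
OLD_GUARD = re.compile(r"if\s*\(\s*!\s*isset\s*\(\s*\$(config|glob)\s*\)\s*\)\s*\{")
# Distinctive start of the replacement line quoted in the post.
NEW_GUARD = re.compile(
    r'ereg\(\s*"index\.php\|cart\.php\|download\.php\|switch\.php\|confirmed\.php"')

def audit(store_root):
    """Sort each includes/**/*.inc.php into patched / unpatched / unknown."""
    root = Path(store_root)
    report = {"patched": [], "unpatched": [], "unknown": []}
    for path in sorted((root / "includes").rglob("*.inc.php")):
        lines = path.read_text(encoding="latin-1").splitlines()[:HEAD_LINES]
        head = "\n".join(lines)
        rel = path.relative_to(root).as_posix()
        if OLD_GUARD.search(head):
            report["unpatched"].append(rel)  # old guard still in place
        elif NEW_GUARD.search(head):
            report["patched"].append(rel)
        else:
            report["unknown"].append(rel)    # neither line found: review by hand
    return report

def build_sample_store():
    """Constructed sample tree; file bodies are placeholders, not CubeCart code."""
    new_line = """if (!ereg("index.php|cart.php|download.php|switch.php|confirmed.php",$_SERVER['PHP_SELF'])) {"""
    samples = {
        "includes/orderSuccess.inc.php": "<?php\nif(!isset($config)){\n  exit;\n}\n",
        "includes/boxes/info.inc.php": "<?php\nif(!isset($glob)){\n  exit;\n}\n",
        "includes/content/cart.inc.php": "<?php\n" + new_line + "\n  exit;\n}\n",
        "includes/session.inc.php": "<?php\n// placeholder without a guard\n",
    }
    root = Path(tempfile.mkdtemp())
    for rel, body in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="latin-1")
    return root

if __name__ == "__main__":
    for status, files in audit(build_sample_store()).items():
        print(status, files)
```

Point `audit()` at the store's root directory; any path reported as unpatched or unknown that appears in the post's file list still needs the edit or a manual look.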