Al Brookbanks Posted December 29, 2005 Share Posted December 29, 2005 (edited) It has come to our attention that there is a security problem in all versions of CubeCart prior to 3.0.7 which will be released later today. This is an absolutely vital security patch which all store owners must apply. Pease open the following files: includes/orderSuccess.inc.php <-- Vital File to Patch includes/content/viewProd.inc.php includes/content/viewOrders.inc.php includes/content/viewOrder.inc.php includes/content/viewDoc.inc.php includes/content/viewcat.inc.php includes/content/unsubscribe.inc.php includes/content/tellafriend.inc.php includes/content/overWeight.inc.php includes/content/noShip.inc.php includes/content/newsletter.inc.php includes/content/logout.inc.php includes/content/login.inc.php includes/content/index.inc.php includes/content/gateway.inc.php includes/content/forgotPass.inc.php includes/content/dnExpire.inc.php includes/content/confirmed.inc.php includes/content/changePass.inc.php includes/content/cart.inc.php includes/content/account.inc.php includes/boxes/siteDocs.inc.php includes/boxes/shoppingCart.inc.php includes/boxes/session.inc.php includes/boxes/searchForm.inc.php includes/boxes/saleItems.inc.php includes/boxes/randomProd.inc.php includes/boxes/popularProducts.inc.php includes/boxes/mailList.inc.php includes/boxes/language.inc.php includes/boxes/info.inc.php includes/boxes/currency.inc.php includes/boxes/categories.inc.php includes/boxes/cartNavi.inc.php includes/session.inc.php includes/currencyVars.inc.php Find at around line 31: if(!isset($config)){ or: if(!isset($glob)){ Replace this with: if (!ereg("index.php|cart.php|download.php|switch.php|confirmed.php",$_SERVER['PHP_SELF'])) { Edited December 29, 2005 by brooky Link to comment Share on other sites More sharing options...
Recommended Posts