Guest dudestore
Posted March 8, 2006

I was looking around and found the recent information about CC's file upload thing...

"CubeCart Arbitrary File Upload Vulnerability"
http://www.securityfocus.com/bid/16796

CubeCart Arbitrary File Upload Vulnerability
Bugtraq ID: 16796
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Feb 23 2006 12:00AM
Updated: Feb 24 2006 07:02PM
Credit: NSA Group is credited with the discovery of this vulnerability.
Vulnerable:
CubeCart CubeCart 3.0.7 -pl1
CubeCart CubeCart 3.0.6
CubeCart CubeCart 3.0.4
CubeCart CubeCart 3.0.3
Not Vulnerable:
CubeCart CubeCart 3.0.7

I assume this is one of the fixed parts which is now in 3.0.8?

Guest gwizard
Posted March 8, 2006

Yes, it was fixed in 3.0.8. GET variables are now treated for XSS-style attack checks, and it happens in fileupload/index.php as well :)