Jump to content

Security Update FCKEditor connector.php


Recommended Posts

It has been bought to my attention that there is a vulnerability in all CubeCart versions including 3.0.9.

To fix this issue please upgrade your store by replacing connector.php with the one attached:

/admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php

OR follow these instructions:

Open: /admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php

After (around line 26):

include('commands.php');




Add:
// Make sure admin session is present

include("../../../../../../../../../includes/ini.inc.php");

include("../../../../../../../../../includes/global.inc.php");

require_once("../../../../../../../../../classes/db.inc.php");

$db = new db();

include("../../../../../../../../../includes/functions.inc.php");

$config = fetchDbConfig("config");



include_once("../../../../../../../../../language/".$config['defaultLang']."/lang.inc.php");

$enableSSl = 1;

include_once("../../../../../../../../../includes/sslSwitch.inc.php");



include("../../../../../../../../includes/auth.inc.php");

connector.php

Link to comment
Share on other sites

×
×
  • Create New...