Al Brookbanks Posted March 14, 2006 Share Posted March 14, 2006 It has been bought to my attention that there is a vulnerability in all CubeCart versions including 3.0.9. To fix this issue please upgrade your store by replacing connector.php with the one attached: /admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php OR follow these instructions: Open: /admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php After (around line 26):include('commands.php'); Add: // Make sure admin session is present include("../../../../../../../../../includes/ini.inc.php"); include("../../../../../../../../../includes/global.inc.php"); require_once("../../../../../../../../../classes/db.inc.php"); $db = new db(); include("../../../../../../../../../includes/functions.inc.php"); $config = fetchDbConfig("config"); include_once("../../../../../../../../../language/".$config['defaultLang']."/lang.inc.php"); $enableSSl = 1; include_once("../../../../../../../../../includes/sslSwitch.inc.php"); include("../../../../../../../../includes/auth.inc.php");connector.php Link to comment Share on other sites More sharing options...
Recommended Posts