
IMPORTANT: Security Patch

Al Brookbanks


Security Patch

A vulnerability report has been issued to us concerning XSS (Cross Site Scripting) and MySQL Injection vulnerabilities in all current versions of CubeCart.

Please see: http://bugs.cubecart.com/?do=details&id=523

We urge all to patch their stores at the first possible opportunity. This vulnerability is due to the fact certain variables are not properly sanitized.

This patch resolves the issues using the treatGet function already in place in the code.

To upgrade, please download the file CubeCart_Patch_17Aug06.zip, extract it, and upload the contents over the files that already reside on your site. Manual upgrade instructions can be found in the file CubeCart_Patch_17Aug06_changelog.html, which is also attached.

Even if you don't use the Authorize.net or Protx module you must update the files!

CubeCart 3.0.12

A new release will be made today which includes this patch and Spam Bot flood control protection as we have had reports of the tell a friend tool being abused. There will also be path upgrades in the PayPal SDK and other minor issues fixed.


