Al Brookbanks Posted August 28, 2006 Share Posted August 28, 2006 (edited) Multiple XSS vulnerabilities, file inclusion and MySQL Injection (on servers with Register Globals On) have been bought to our attention in all versions up to 3.0.12. Please find the patch attached to this announcement which contains a change log for manual upgrade as well as the patched files. We take any reported security issues with utmost importance and investigate at the first possible opportunity. This dedication can be seen by the fact our office was officially close today due to the August Bank Holiday. We have released a patch within a few hours of receiving the report. Many thanks to all those who have been involved. We will release 3.0.13 later which includes this patch along with minor other changes. If you have already patched your store upgrade is not essential. *3.0.13 will be released tomorrow (Tuesday 28th August) if you currently download and install 3.0.12 or lower you will need to apply this patch* *3.0.13 will be delayed until we have a full 3rd party professional security audit carried out on CubeCart*CC_SecurityUpdate_28thAug06.zip Edited August 29, 2006 by Al Link to comment Share on other sites More sharing options...
Recommended Posts