Al Brookbanks

CubeCart 6.1.12 Released - Critical Security Update

Recommended Posts

Just before the weekend Robin Peraglie from RIPS Technologies reported a critical security hole in all current CubeCart version 6 releases.

All customers on our Technical Support & Management service plan have been contacted about this and 93% (with correct login on file) have been proactively patched over the weekend. If you are a client on this service plan who has been contacted to be told that we haven't been able to access your store, please login and update this information here as soon as you can and let us know. We will then get your store secured - please don't delay.

CubeCart version 6.1.12 has been released which patches this vulnerability. If you can't upgrade to this version please either;

  1. make the code changes published against Github Issue #1763
    -- or -- 
  2. download CubeCart 6.1.12 and replace the classes/admin.class.php file. 

Download: CubeCart-6.1.12.zip

At CubeCart we take security with utmost importance. We thank Robin for reporting this vulnerability responsibly and we hope that no CubeCart merchants are affected by this maliciously. 

Share this post


Link to post
Share on other sites