Jump to content

CubeCart 2.0.5 Released


Al Brookbanks
 Share

Recommended Posts

Hi,

We have released CubeCart 2.0.5 to fix possible Directory Transversal, Path Disclosure and Cross Site Scripting.

This is a very important update and we very strongly recommend every CubeCart user to update their software.

To fix this security whole follow the instructions in the download package or the instructions below:

#################################

## START OF MANUAL FIX 

#################################



Files to edit:



1. admin/settings.inc.php



///////////////////////////////

// Open admin/settings.inc.php

////////



At around line 129 find:

+----------------------------------------------------

if ($language)

+----------------------------------------------------



Replace with:

+----------------------------------------------------

if ($language && eregi("^[a-z0-9]+[.inc.php]",$language))

+----------------------------------------------------



2. ver.php

///////////////////////////////

// Open ver.php

//////// 

Find

+----------------------------------------------------

<?php

$estore_ver="2.0.4";

?>

+----------------------------------------------------



Replace it with:

+----------------------------------------------------

<?php

$estore_ver="2.0.5";

?>

+----------------------------------------------------



#################################

## END OF MANUAL FIX

#################################

Please note that some of the proprietory labels have also changed in our download package following the incorporation of Brooky.com as Devellion Limited.

Link to comment
Share on other sites

 Share

×
×
  • Create New...