Al Brookbanks Posted February 14, 2005 Share Posted February 14, 2005 Hi, We have released CubeCart 2.0.5 to fix possible Directory Transversal, Path Disclosure and Cross Site Scripting. This is a very important update and we very strongly recommend every CubeCart user to update their software. To fix this security whole follow the instructions in the download package or the instructions below: ################################# ## START OF MANUAL FIX ################################# Files to edit: 1. admin/settings.inc.php /////////////////////////////// // Open admin/settings.inc.php //////// At around line 129 find: +---------------------------------------------------- if ($language) +---------------------------------------------------- Replace with: +---------------------------------------------------- if ($language && eregi("^[a-z0-9]+[.inc.php]",$language)) +---------------------------------------------------- 2. ver.php /////////////////////////////// // Open ver.php //////// Find +---------------------------------------------------- <?php $estore_ver="2.0.4"; ?> +---------------------------------------------------- Replace it with: +---------------------------------------------------- <?php $estore_ver="2.0.5"; ?> +---------------------------------------------------- ################################# ## END OF MANUAL FIX ################################# Please note that some of the proprietory labels have also changed in our download package following the incorporation of Brooky.com as Devellion Limited. Link to comment Share on other sites More sharing options...
Recommended Posts