Getting Errors from catalogue.class.php After Upgrade

[traylor23]

Title says it all. Attached is my error log. Threw it up in comparison tool, and it was the same as the freshly downloaded version. My orders have screeched to a halt. Not sure if this is a cause, or if it is coincidental.

[bsmither]

Unfortunately, the image is too blurry to read.

Please copy/paste the text into a post.

 

[traylor23]

I think this is the bulk of the ones that are repeating. Thanks for looking!

File: [catalogue.class.php] Line: [2094] "SELECT I.* FROM CubeCart_inventory AS I LEFT JOIN (SELECT product_id, MAX(price) as price, MAX(sale_price) as sale_price FROM CubeCart_pricing_group WHERE group_id = 0 GROUP BY product_id) as G ON G.product_id = I.product_id WHERE I.product_id IN (SELECT product_id FROM `CubeCart_category_index` as CI INNER JOIN CubeCart_category as C where CI.cat_id = C.cat_id AND C.status = 1) AND I.status = 1 AND ((I.stock_level > 0 AND I.use_stock_level = 1) OR I.use_stock_level = 0) AND (I.name RLIKE '[[:<:]]jEGY/**/ORDER/**/BY/**/6415--/**/NTLs[[:>:]]' OR I.description RLIKE '[[:<:]]jEGY/**/ORDER/**/BY/**/6415--/**/NTLs[[:>:]]' OR I.product_code RLIKE '[[:<:]]jEGY/**/ORDER/**/BY/**/6415--/**/NTLs[[:>:]]') ORDER BY `name` ASC LIMIT 500 OFFSET 0 " - Got error 'repetition-operator operand invalid' from regexp
 

File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%jEGY'/**/ORDER/**/BY/**/5459--/**/DtDf%' ;" - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%jEGY')/**/AND/**/3482=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(85)||CHR(110)||CHR(102),15)/**/AND/**/('UlZF'='UlZF%' ;" - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')/**/AND/**/3482=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(85)||CHR(110)||CHR(102),' at line 1 File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%jEGY'/**/AND/**/3482=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(85)||CHR(110)||CHR(102),15)/**/AND/**/'JbFw'='JbFw%' ;" - execute command denied to user 'ballcard'@'localhost' for routine 'DBMS_PIPE.RECEIVE_MESSAGE'   File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%jEGY'/**/WAITFOR/**/DELAY/**/'0:0:15'/**/AND/**/'xFcc'='xFcc%' ;" - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WAITFOR/**/DELAY/**/'0:0:15'/**/AND/**/'xFcc'='xFcc%'' at line 1

[bsmither]

Of these posted above, it seems your search page is getting hit with attempts at breaking into the database. (This happens to everyone.)

CubeCart is constructing a search query, but the database says the query has errors in it.

Please make a test purchase - you can stop at actually entering your CC number - to determine if there is an actual problem.

[traylor23]

Interesting. I’ve had other types of intrusions, but not this. Been on CC for at least 10 years. Thanks for the feedback!