
Getting Errors from catalogue.class.php After Upgrade


traylor23


I think this is the bulk of the ones that are repeating. Thanks for looking!

File: [catalogue.class.php] Line: [2094] "SELECT I.* FROM CubeCart_inventory AS I LEFT JOIN (SELECT product_id, MAX(price) as price, MAX(sale_price) as sale_price FROM CubeCart_pricing_group WHERE group_id = 0 GROUP BY product_id) as G ON G.product_id = I.product_id WHERE I.product_id IN (SELECT product_id FROM `CubeCart_category_index` as CI INNER JOIN CubeCart_category as C where CI.cat_id = C.cat_id AND C.status = 1) AND I.status = 1 AND ((I.stock_level > 0 AND I.use_stock_level = 1) OR I.use_stock_level = 0) AND (I.name RLIKE '[[:<:]]jEGY/**/ORDER/**/BY/**/6415--/**/NTLs[[:>:]]' OR I.description RLIKE '[[:<:]]jEGY/**/ORDER/**/BY/**/6415--/**/NTLs[[:>:]]' OR I.product_code RLIKE '[[:<:]]jEGY/**/ORDER/**/BY/**/6415--/**/NTLs[[:>:]]') ORDER BY `name` ASC LIMIT 500 OFFSET 0 " - Got error 'repetition-operator operand invalid' from regexp

 

File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%jEGY'/**/ORDER/**/BY/**/5459--/**/DtDf%' ;" - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%jEGY')/**/AND/**/3482=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(85)||CHR(110)||CHR(102),15)/**/AND/**/('UlZF'='UlZF%' ;" - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')/**/AND/**/3482=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(85)||CHR(110)||CHR(102),' at line 1

File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%jEGY'/**/AND/**/3482=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(85)||CHR(110)||CHR(102),15)/**/AND/**/'JbFw'='JbFw%' ;" - execute command denied to user 'ballcard'@'localhost' for routine 'DBMS_PIPE.RECEIVE_MESSAGE'
 
File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%jEGY'/**/WAITFOR/**/DELAY/**/'0:0:15'/**/AND/**/'xFcc'='xFcc%' ;" - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WAITFOR/**/DELAY/**/'0:0:15'/**/AND/**/'xFcc'='xFcc%'' at line 1

Of these posted above, it seems your search page is getting hit with attempts at breaking into the database. (This happens to everyone.)

CubeCart is constructing a search query, but the database says the query has errors in it.

Please make a test purchase - you can stop at actually entering your CC number - to determine if there is an actual problem.

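For anyone triaging an error log like the one in this thread, here is an added example (not from the original posts and not CubeCart code) that groups entries by call site and by how the database reacted. The entry layout is taken from the log lines quoted above; the sample entries are constructed, and the `outcome` labels are a heuristic assumption based on the error text, not a verdict on the code.

```python
import re
from collections import Counter

# Entry layout as it appears in the post: File: [f] Line: [n] "query" - error
ENTRY = re.compile(
    r'File: \[(?P<file>[^\]]+)\] Line: \[(?P<line>\d+)\] "(?P<query>.*)" - (?P<error>.*)$')

# Markers visible in the logged queries; a normal catalogue search has none.
PROBES = {
    "comment-as-space": re.compile(r"/\*\*/"),
    "order-by-probe": re.compile(r"ORDER/\*\*/BY/\*\*/\d+--", re.I),
    "oracle-delay": re.compile(r"DBMS_PIPE\.RECEIVE_MESSAGE", re.I),
    "mssql-delay": re.compile(r"WAITFOR/\*\*/DELAY", re.I),
}

def classify(entry):
    """Return call site, probe tags and outcome for one log entry, or None."""
    m = ENTRY.match(entry.strip())
    if not m:
        return None
    tags = sorted(t for t, rx in PROBES.items() if rx.search(m["query"]))
    err = m["error"]
    # Heuristic (assumption): a regexp error means the input stayed inside the
    # quoted pattern; a syntax or privilege error means MySQL parsed part of it.
    if "from regexp" in err:
        outcome = "stayed-in-literal"
    elif "error in your SQL syntax" in err or "command denied" in err:
        outcome = "parsed-as-sql"
    else:
        outcome = "unknown"
    return {"site": f'{m["file"]}:{m["line"]}', "tags": tags, "outcome": outcome}

def summarize(entries):
    """Count probe entries per (call site, outcome); untagged entries are skipped."""
    counts = Counter()
    for r in filter(None, map(classify, entries)):
        if r["tags"]:
            counts[(r["site"], r["outcome"])] += 1
    return counts

# Constructed sample entries, shortened from the shapes shown in the post.
SAMPLE = """
File: [catalogue.class.php] Line: [2094] "SELECT I.* FROM CubeCart_inventory AS I WHERE I.name RLIKE '[[:<:]]abc/**/ORDER/**/BY/**/1--/**/x[[:>:]]' LIMIT 500 " - Got error 'repetition-operator operand invalid' from regexp
File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%abc'/**/WAITFOR/**/DELAY/**/'0:0:15'/**/AND/**/'x'='x%' ;" - You have an error in your SQL syntax
File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%abc'/**/AND/**/1=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65),15)/**/AND/**/'x'='x%' ;" - execute command denied to user 'shop'@'localhost' for routine 'DBMS_PIPE.RECEIVE_MESSAGE'
File: [catalogue.class.php] Line: [1974] "SELECT `id` FROM `CubeCart_manufacturers` WHERE `name` LIKE '%topps%' ;" - MySQL server has gone away
""".strip().splitlines()

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Call sites that show up with `parsed-as-sql` are the ones to compare against the current CubeCart release first, since there the database error quotes text from the search term itself.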
