Al Brookbanks, posted October 30, 2023

Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all versions of CubeCart up to 6.5.3. Please note that these vulnerabilities are exploitable if a bad actor has authenticated into the back end of the victim's store.

Vulnerabilities

- Directory traversal (any file download) - GitHub Issue #3410
- Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409
- CSRF bypassing CSRF token checks - GitHub Issue #3408
- OS command injection - this vulnerability concerns the ability of the Smarty template engine to execute dangerous PHP functions, e.g.:

  {system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')}

  No patch has been created for this vulnerability; instead we strongly recommend disabling dangerous PHP functions, as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions in your php.ini file and then restarting the web server:

  disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec

This release also includes a number of other maintenance updates. Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version, the code patches for each vulnerability can be found within each GitHub issue above. If you require help, technical support is available.

Download: CubeCart-6.5.3.zip
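The disable_functions mitigation above is only effective if the php.ini you edited is the one the web server's PHP actually loads, which is a common point of failure (the CLI and mod_php/PHP-FPM frequently read different ini files). The script below is an added example, not code from the CubeCart release or the CubeCart Security Suite; it reports which of the functions named in the advisory are still callable from the running PHP configuration. The file name check-disabled.php and the idea of placing it in the web root are assumptions for the sake of the example.

```php
<?php
// check-disabled.php: added example, not part of CubeCart. Reports which of
// the functions the advisory says to disable are still callable in the PHP
// configuration that runs this script. Run it twice: once from the CLI and
// once through the web server, because each SAPI may load a different
// php.ini. Delete the file once you have read the result (assumed placement
// in the web root is for illustration only).

/** Functions the advisory recommends listing in php.ini's disable_functions. */
const RECOMMENDED_DISABLED = [
    'exec', 'system', 'passthru', 'pcntl_exec', 'popen', 'proc_open', 'shell_exec',
];

/**
 * Return the entries of disable_functions for the running SAPI as a trimmed
 * array. ini_get() reflects the effective value, including anything set via
 * .user.ini, php-fpm pool config or a .htaccess php_admin_value directive.
 */
function disabledFunctions(): array
{
    $entries = [];
    foreach (explode(',', (string) ini_get('disable_functions')) as $entry) {
        $entry = trim($entry);
        if ($entry !== '') {
            $entries[] = $entry;
        }
    }
    return $entries;
}

/**
 * Return the recommended functions that are still usable.
 * A function counts as blocked if it is listed in disable_functions or does
 * not exist at all (e.g. pcntl_exec when the pcntl extension is not loaded).
 * function_exists() alone is not a reliable test: PHP 8 reports a disabled
 * function as non-existent, but older releases still report it as existing,
 * so the ini list is checked as well.
 */
function stillEnabled(): array
{
    $disabled = disabledFunctions();
    $enabled = [];
    foreach (RECOMMENDED_DISABLED as $fn) {
        if (!in_array($fn, $disabled, true) && function_exists($fn)) {
            $enabled[] = $fn;
        }
    }
    return $enabled;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}

$iniFile = php_ini_loaded_file();
echo 'PHP ' . PHP_VERSION . ' (' . PHP_SAPI . '), php.ini: ' . ($iniFile !== false ? $iniFile : 'none') . "\n";
$disabled = disabledFunctions();
echo 'disable_functions = ' . ($disabled !== [] ? implode(', ', $disabled) : '(empty)') . "\n";

$enabled = stillEnabled();
if ($enabled === []) {
    echo "OK: all recommended functions are disabled in this SAPI.\n";
    exit(0);
}
echo 'WARNING: still enabled in this SAPI: ' . implode(', ', $enabled) . "\n";
exit(1);
```

If the CLI run reports OK but the web request reports a WARNING, the php.ini path printed on the first line tells you which file the web SAPI really loads; edit that one (or the FPM pool configuration) and restart the web server or PHP-FPM. Bear in mind that disable_functions is global to that PHP installation, so any other application served by the same PHP will lose those functions too.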