Jump to content

CubeCart 6.5.3 Released - Security Update


Al Brookbanks

Recommended Posts

Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all version of CubeCart up to 6.5.3. Please note that these vulnerabilities are executable if a bad actor has authenticated into the back end of the victims store.

Vulnerabilities

  1. Directory traversal (any file download) - GitHub Issue #3410 
  2. Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409
  3. CSRF bypassing CSRF token checks - GitHub Issue #3408
  4. OS Command Injection - This vulnerability concerns the ability for the Smarty template engine to be able to execute dangerous functions.

    e.g. 
    {system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')}

    No patch has been created for this vulnerability but instead we strongly recommend disabling dangerous PHP functions as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions with your php.ini file then restarting the web server. 

    disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec

This release also patches a number of other maintenance updates

Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version it is possible to find the code patches for each vulnerability within each GitHub issue above. If you require help, technical support is available. 

Download: CubeCart-6.5.3.zip

 

Link to comment
Share on other sites

×
×
  • Create New...