CubeCart 6.5.5 Released - Minor Security Update

This release of CubeCart not only resolves a number of stability issues found in the previous version but patches a minor security vulnerability. We are grateful and thankful to Julio Araujo for reporting this so clearly and responsibly.

The security patch (GitHub issue #3570) prevents malicious .phar type files from being uploaded via the back office of the store. Please note that a bad actor would need to have successfully authenticated into the back office in order to take advantage of this vulnerability. On those grounds we do not consider this to be a significant threat. 

To patch this vulnerability please either upgrade to CubeCart 6.5.5 or amend the code in the security patch linked above. 

Download: CubeCart-6.5.5.zip
