Al Brookbanks Posted April 24 Share Posted April 24 This release of CubeCart not only resolves a number of stability issues found in the previous version but patches a minor security vulnerability. We are grateful and thankful to Julio Araujo for reporting this so clearly and responsibly. The security patch (GitHub issue #3570) prevents malicious .phar type files from being uploaded via the back office of the store. Please note that a bad actor would need to have successfully authenticated into the back office in order to take advantage of this vulnerability. On those grounds we do not consider this to be a significant threat. To patch this vulnerability please either upgrade to CubeCart 6.5.5 or amend the code in the security patch linked above. Download: CubeCart-6.5.5.zip Link to comment Share on other sites More sharing options...
Recommended Posts