Announcements
CubeCart V4 Security Patch, Possible SQL Injection Security Update
04/06/2010 11:46
CORE Security Advisories Team have found an SQL injection vulnerability in all current versions of CubeCart 4. The issue concerns a possible SQL injection vulnerability on the shipping method selection drop down box during the checkout process.
This will be patched in CubeCart 4.4.0 which will be released later today.
To secure your store please follow the instructions below or upgrade your store to CubeCart V4.4.0.
Instructions:
Open: /includes/content/cart.inc.php
Find:
if(isset($_POST['shipKey']) && $_POST['shipKey']>0) {
$cart->setVar($_POST['shipKey'],"shipKey");
// lose post vars
$refresh = true;
}
Replace with:
if(isset($_POST['shipKey']) && (int)$_POST['shipKey']>0) {
$cart->setVar((int)$_POST['shipKey'],'shipKey');
// lose post vars
$refresh = true;
}
Full details about this patch can be found at: http://forums.cubecart.com/index.php?showtopic=41469
