KissMyCart.net

CubeCart Security Patch, Possible SQL Injection Security Update


The CORE Security Advisories Team has found an SQL injection vulnerability in all current versions of CubeCart 4. The issue concerns a possible SQL injection vulnerability in the shipping method selection drop-down box during the checkout process.


This will be patched in CubeCart 4.4.0 which will be released later today.

To secure your store, please follow the instructions below or upgrade your store to CubeCart V4.4.0.

Instructions:

Open: /includes/content/cart.inc.php

Find:

if(isset($_POST['shipKey']) && $_POST['shipKey']>0) {

    $cart->setVar($_POST['shipKey'],"shipKey");
    // lose post vars
    $refresh = true;

}

Replace with:

if(isset($_POST['shipKey']) && (int)$_POST['shipKey']>0) {

    $cart->setVar((int)$_POST['shipKey'],'shipKey');
    // lose post vars
    $refresh = true;

}

Full details about this patch can be found at: http://forums.cubecart.com/index.php?showtopic=41469
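
The PHP below is an added example, not CubeCart's code or part of the advisory: it runs the original and patched conditions side by side on constructed inputs and prints what each one accepts and stores. DemoCart is a hypothetical stand-in for the store's $cart object, and strictCheck is an assumed stricter variant built on filter_var that rejects malformed values instead of truncating them.

```php
<?php
// Added example, not CubeCart code. DemoCart is a hypothetical stand-in for
// the store's $cart object; every input below is constructed.
class DemoCart {
    public $vars = array();
    public function setVar($value, $name) { $this->vars[$name] = $value; }
}

// Original condition: loose comparison, then the raw POST value is stored.
function originalCheck(array $post, DemoCart $cart) {
    if (isset($post['shipKey']) && $post['shipKey'] > 0) {
        $cart->setVar($post['shipKey'], 'shipKey');
        return true;
    }
    return false;
}

// Patched condition from the instructions: cast before comparing and storing.
function patchedCheck(array $post, DemoCart $cart) {
    if (isset($post['shipKey']) && (int)$post['shipKey'] > 0) {
        $cart->setVar((int)$post['shipKey'], 'shipKey');
        return true;
    }
    return false;
}

// Stricter variant (an assumption, not part of the patch): reject anything
// that is not a whole positive integer instead of truncating it.
function strictCheck(array $post, DemoCart $cart) {
    $opts = array('options' => array('min_range' => 1));
    $key = isset($post['shipKey']) ? filter_var($post['shipKey'], FILTER_VALIDATE_INT, $opts) : false;
    if ($key === false) { return false; }
    $cart->setVar($key, 'shipKey');
    return true;
}

// Constructed inputs: a normal key, a key with trailing text, zero, an array.
$samples = array('2', '2 trailing text', '0', array('2'));
foreach ($samples as $value) {
    foreach (array('originalCheck', 'patchedCheck', 'strictCheck') as $check) {
        $cart = new DemoCart();
        $accepted = $check(array('shipKey' => $value), $cart);
        printf("%-13s %-20s accepted=%-5s stored=%s\n", $check,
            json_encode($value), var_export($accepted, true), json_encode($cart->vars));
    }
}
```

Run it with the PHP command-line interpreter; the rows for the value with trailing text show the difference between storing the raw string, storing its integer prefix, and rejecting it.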
