Critical Security Issue in CubeCart V5 and V6

Critical Security Issue in CubeCart V5 and V6

CubeCart E-Commerce

What versions of CubeCart are affected

Affected versions are 5.2.12 through to 6.0.6.

What is the security issue

If an administrator’s email is known to a hacker it may be possible to take control of the account and have complete access to the store’s control panel.

What steps should be taken

CubeCart have released a patch for affected V5 and V6 sites and these are available from here :

CubeCart v6 Patch: classes/admin.class.php
CubeCart v5 Patch: classes/admin.class.php

To patch, the above file for your CubeCart version can be downloaded and the existing version replaced. As a precaution, it is then recommended to login and change all administrator passwords. All Havenswift Hosting customers that are using affected versions of CubeCart and have E-Commerce Hosting packages are in the process of being patched with the relevant file and this process will be completed very shortly.

The following two tabs change content below.
This is the main Havenswift Hosting company account that is used by different members of staff when making blog postings on behalf of the company rather than as individuals

Latest posts by Havenswift Hosting (see all)


There Are 2 Comments

Michelle Arnold on 07 Sep, 2015

can I confirm this is not the case with the old version 4 which we are running?

Thanks
Michelle

Havenswift Hosting on 07 Sep, 2015

We can confirm that V4 CubeCart websites are not affected by this issue

Post Your Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright Havenswift Hosting 2007-2018. All rights reserved.