Affected versions are 5.2.12 through to 6.0.6.
If an administrator’s email is known to a hacker it may be possible to take control of the account and have complete access to the store’s control panel.
CubeCart have released a patch for affected V5 and V6 sites and these are available from here :
To patch, the above file for your CubeCart version can be downloaded and the existing version replaced. As a precaution, it is then recommended to login and change all administrator passwords. All Havenswift Hosting customers that are using affected versions of CubeCart and have E-Commerce Hosting packages are in the process of being patched with the relevant file and this process will be completed very shortly.