March 27, 2008 :: Cubecart v4 vulnernability

[Jason]

From Cubecart:

CubeCart 4.x.x Security Patch
A minor cross site scripting vulnerability has been reported in all CubeCart v4 releases.
Reports:
http://secunia.com/advisories/29532/
http://www.securityfocus.com/bid/28452

This security hole exists due to a bug in the global variable sanitation function of the ini.inc.php file. Please patch this at the first opportunity either using the manual or auto fix below.

Manual Code Fix (All 4.x.x Releases)

Open ini.inc.php and find at around line 134:

$data[$key] = $this->safety($val);
}

return true;

Replace with:

$data[$key] = $this->safety($val);
}

To clarify all that is required is that the line "return true;" is removed.

Auto Fix
If you run CubeCart ≤ 4.1.1 please download and extract the zip file below and replace this over your existing ini.inc.php file on the remote server.

CubeCart_4.1.1_pl1.zip ( 2.98K )

If you run CubeCart ≤ 4.2.1 please download and extract the zip file below and replace this over your existing ini.inc.php file on the remote server.

CubeCart_4.2.1_pl1.zip ( 3.18K )


IMPORTANT NOTE: If you have upgraded from CubeCart v3 there may also be an ini.inc.php file in the includes folder. That file does not need attention and can be safely deleted if you wish.