Security Vulnerability In Cs-Cart 4.0.1-4.3.8

Hello!

Recently we found a critical security vulnerability in CS-Cart starting from version 4.0.1, so if you run CS-Cart 4.0.1 or newer, you could be affected. In fact, hackers can gain access to your administration panel if they know your admin script URL. And if you didn’t rename your admin.php file after the installation, do it now.

For security reasons please check all your admin accounts and make sure that it was you who created all the administrator accounts. Also, carefully check all the administrator email addresses and ensure they are correct. We recommend that you change all admin passwords just in case too.
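The account check recommended above can be scripted. The following is an added example, not code from CS-Cart or from this post: it audits an export of the users table against the administrators you know you created and flags unknown admin accounts, admins whose email no longer matches what you set, and known admins that are no longer admins. The sample rows, the column names and the emails are constructed assumptions; only the user_type code 'A' for administrators comes from the hotfix snippet, so check the column names against your own database.

```python
# Added example: audit CS-Cart admin accounts against the list of admins you created.
# SAMPLE_USERS_CSV is a CONSTRUCTED export of the users table (the real table has
# more columns); the column names are assumptions, and user_type 'A' (administrator)
# is the code used in the hotfix snippet.
import csv

SAMPLE_USERS_CSV = """user_id,user_login,user_type,email,timestamp
1,admin,A,owner@example.com,1400000000
2,jane,A,jane@example.com,1420000000
3,customer1,C,c1@example.com,1430000000
4,admin2,A,unknown@example.net,1441000000
"""

# Administrators you created yourself: login -> the email you set for them.
KNOWN_ADMINS = {
    "admin": "owner@example.com",
    "jane": "jane.doe@example.com",
}

def load_users(csv_text):
    return list(csv.DictReader(csv_text.splitlines()))

def audit_admins(rows, known_admins):
    """Return findings about admin accounts that need a human look.
    'unknown-admin' : an admin account you did not create
    'email-changed' : a known admin whose email differs from what you set
                      (a changed email receives the password-reset mails)
    'missing-admin' : a known admin login that is no longer an admin or is gone
    """
    findings = []
    seen = set()
    for row in rows:
        if row["user_type"] != "A":
            continue
        login = row["user_login"]
        seen.add(login)
        if login not in known_admins:
            findings.append(("unknown-admin", login, row["email"]))
        elif row["email"].lower() != known_admins[login].lower():
            findings.append(("email-changed", login, row["email"]))
    for login in known_admins:
        if login not in seen:
            findings.append(("missing-admin", login, known_admins[login]))
    return sorted(findings)

if __name__ == "__main__":
    for kind, login, email in audit_admins(load_users(SAMPLE_USERS_CSV), KNOWN_ADMINS):
        print(f"{kind:14} {login:10} {email}")
```

Every finding should be resolved by hand: delete accounts you did not create, restore the correct email, and then change all admin passwords as advised.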

How to Deal with This Vulnerability
There are three options to make your store safe.

Option 1: Apply a hotfix.

1. Log in to your CS-Cart Help Desk account and download the auth.pre.php file from the Updates folder of the File area page.

2. Upload the auth.pre.php file to the app/controllers/common directory of your CS-Cart installation. Since your installation does not already have a file with that name, you only need to place it in that directory and you are done.

Multi-Vendor requires the extra steps 3-5 below:

3. Open the fn.users.php file located in the /app/functions/ folder of your Multi-Vendor installation.

4. In this file, find the following line:

$u_type = !empty($user_data['user_type']) ? $user_data['user_type'] : $current_user_data['user_type'];

and add this piece of code after it:

$auth_user_type = isset($_SESSION['auth']['user_type']) ? $_SESSION['auth']['user_type'] : null;
// Only a session that is already an administrator may create or promote an administrator
// account; for any other session the user type is left as it currently is.
if ($u_type == 'A' && $auth_user_type != 'A') {
    return $current_u_type;
}

5. Save the changes and close the file.

Option 2: Upgrade to version 4.3.9. Version 4.3.9 ships with this patch. To upgrade:

1. Log in to your administration panel.

2. Go to Administration → Upgrade center and check if the upgrade to 4.3.9 is available.

3. Upgrade to version 4.3.9 as soon as you can.

Option 3: Ask our support team to help you. If you think you cannot deal with this security flaw yourself using the two previous options, let our support team do this. Contact our support guys via your CS-Cart Help Desk account and give them temporary access to your server by FTP, SSH, or via cPanel.

P.S.: This security vulnerability is critical, so please don’t put off this issue and deal with it ASAP with any option we’ve provided.

P.P.S.: This topic is closed. All questions and discussion can be found here: http://forum.cs-cart.com/topic/45454-security-vulnerability-in-cs-cart-4xx/