CS-Cart 2.x Joins the Vulnerability Club

Oh just lovely, looks like the guy Zeke confused me with has jumped ahead and found a security issue with CS-Cart 2.0.11 …



[url]About Secunia Research | Flexera


[quote name=‘“Secunia Advisory”’]The vulnerability is confirmed in version 2.0.11. Other versions may also be affected.[/QUOTE]



Thus far, I have only reviewed 1.3.(4/5)-SP1 to SP4 in extreme extensive line by line detail and I have found pretty much all it’s major vulnerabilities and issues but thus far I have not had much time to do any heavy extensive security review wise with the newer 2.0.9+ versions but I wouldn’t doubt given CS-Cart’s track record that someone out there would find something on 2.0.11 regarding exploit vulnerabilities though I was sincerely hoping we would see less of those issues now.



Subsequently per above, I cannot personal confirm or verify the alert on CS-Cart 2.0.11 issue directly yet or at this particular time but, my experience has generally been if it makes it into the Secunia database, it’s valid and needs to be addressed as soon and as quickly as possible.



(To be perfectly fair, this isn’t 2.x’s first run into security problems but drags things out to include the most recent)

thanks for the post, have you send it to cs.cart?

CS is already aware and working on a fix.