Our developers have found a serious security vulnerability in CS-Cart. The identified vulnerability could allow malicious users to gain access to sensitive information in your online store or marketplace. Our team has already addressed this issue in CS-Cart version 4.17.2 SP1. We are not disclosing more details, because to our knowledge, the vulnerability hasn’t been exploited yet.
There are two ways to close the vulnerability:
If you are using CS-Cart 4.17.2, the upgrade to version 4.17.2 SP1 is already available in your Upgrade Center.
Why is there no mention of SP2 here? I got the notice yesterday and am trying to run the upgrade in the admin panel now.
But anyhow, the upgrade has been running for 45 minutes now and seems to be stuck on “backing up data from phinxlogxxxxx” for about a half hour. I already backed up the file system and database manually before the update and selected ‘don’t save a backup’ in the upgrade process. Why is it trying to back up the db? Is that a bug?
I think it may be hung at this point.
EDIT: Never mind. I refreshed the screen and tried again and the upgrade only took a minute or so. I probably didn’t check the box to skip the backups the first time.