Security issue in CS-Cart - protect your site

Hello everyone!

Our developers have found a serious security vulnerability in CS-Cart. The identified vulnerability could allow malicious users to gain access to sensitive information in your online store or marketplace. Our team has already addressed this issue in CS-Cart version 4.17.2 SP1. We are not disclosing more details, because to our knowledge, the vulnerability hasn’t been exploited yet.

There are two ways to close the vulnerability:

- If you are using CS-Cart 4.17.2, the upgrade to version 4.17.2 SP1 is already available in your Upgrade Center.

- If you are using an older version and can’t upgrade, you can still fix the problem. Go to the File Area in the Help Desk, open the Updates folder and find the “Security Fixes (January 2024) for 4.0.1 — 4.17.2” add-on. Download it and install the add-on using our instructions.

This patch is a must-have and we strongly recommend closing this vulnerability as soon as possible.




Why is there no mention of SP2 here? I got the notice yesterday and am trying to run the upgrade in the admin panel now.

But anyhow, the upgrade has been running for 45 minutes now and seems to be stuck on “backing up data from phinxlogxxxxx” for about a half hour. I already backed up the file system and database manually before the update and selected ‘don’t save a backup’ in the upgrade process. Why is it trying to back up the db? Is that a bug?
I think it may be hung at this point.

EDIT: Never mind. I refreshed the screen and tried again and the upgrade only took a minute or so. I probably didn’t check the box to skip the backups the first time.

The announcement has recently been released :)
