Release date: April 4, 2012
Affected CS-Cart versions: 1.3.5 and 2.x.x (all editions)
Bug severity: Critical
Summary
This update fixes a CS-Cart vulnerability that could allow an attacker to gain access to the software files.
Solution
- In your CS-Cart Help Desk account (https://www.cs-cart.com/helpdesk), open the File area page, then the Updates section.
- Download the prepare.php file for your CS-Cart version (http://kb.cs-cart.co...-cscart-version) to your local computer.
  Note: the patch is available only for authorized owners of CS-Cart Community, Professional and Multi-Vendor licenses.
- Upload the downloaded file to the CS-Cart root directory on your server, replacing the existing prepare.php file.
No cases of this vulnerability being exploited have been detected so far. It was discovered during routine security audit activities.
The details of the exploit are not to be published to avoid compromising our clients' CS-Cart installations.
Sharing the patched prepare.php file is not allowed on these Forums either.
Thank you.