If you run CS-Cart 4.0.1 and newer, you could be affected. Hackers can gain access to your administration panel, if they know your admin script URL. If you didn’t rename your admin.php file after the installation, do it now.
I would feel a lot safer if my renamed admin wasn't STILL being sent to CS-Cart as part of license authentication.
By the way, I have uploaded the auth.pre.php
F#$K !!
The email advising me may have been a hoax.
It was installed for about 1 minute before I removed it again.
lol
Just realised that I had to download the fix from the real help desk.
Installed again but not sure of permissions.
Should they be 666 just like 'auth.php' is ???
Why this info is sent only by email and not in blog or here in forum ?
And why is it not in my upgrade area? They should do what it takes to rush it out rent extra servers or whatever they need to do - simply make it happen - no excuses.
And why is it not in my upgrade area? They should do what it takes to rush it out rent extra servers or whatever they need to do - simply make it happen - no excuses.
From Upgrade area you can get only upgrade to 4.3.9 - it will be there within next 30 minutes.
The easiest way is to apply patch - just upload auth.pre.php to app/controllers/common folder
I know it says in the email that this is just for versions 4.X.X - but I'm just double checking, can you confirm older versions 2.X.X etc are not effected by the flaw?
thanks
I know it says in the email that this is just for versions 4.X.X - but I'm just double checking, can you confirm older versions 2.X.X etc are not effected by the flaw?
thanks
Yes, I confirm. 3.x.x & 2.x.x are not affected even though hacker knows you admin URL.