The vulnerability was found in-house (by our own specialists), and to our knowledge it hasn't been exploited yet. That's why we aren't yet disclosing exactly what it is, so that you have time to secure your store. Even though your installation of CS-Cart or Multi-Vendor 4.x.x might not be affected (it depends on the server configuration), we strongly recommend that you do not ignore this problem. Please take one of the following measures as soon as possible:
• If you use CS-Cart or Multi-Vendor 4.6.3, install Service Pack 1 that is currently available in your Upgrade Center.
• If you use an older version of CS-Cart or Multi-Vendor 4.x.x, please follow the steps below:
  - Go to the app/Tygh directory of your CS-Cart or Multi-Vendor installation and find the file called Bootstrap.php.
  - Find the following line in that file:
        if (empty($server['REQUEST_METHOD'])) {
  - Replace it with the following line and save your changes:
        if (PHP_SAPI === 'cli') {
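The manual steps above can be scripted for servers that host several stores. The following is an added example, not part of the original advisory or of CS-Cart itself; the function names and the backup-file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and patch app/Tygh/Bootstrap.php as the advisory describes.
# The two lines below are copied from the advisory; everything else is illustrative.
OLD_LINE="if (empty(\$server['REQUEST_METHOD'])) {"
NEW_LINE="if (PHP_SAPI === 'cli') {"

# Print the state of one installation root: unpatched, patched, unknown or missing.
bootstrap_state() {
    file="$1/app/Tygh/Bootstrap.php"
    [ -f "$file" ] || { echo missing; return 0; }
    if grep -qF -- "$OLD_LINE" "$file"; then
        echo unpatched
    elif grep -qF -- "$NEW_LINE" "$file"; then
        echo patched
    else
        echo unknown   # neither line found: inspect the file by hand
    fi
}

# patch_bootstrap <install_root> <backup_file>
# Replaces the old line with the new one, keeping the original indentation.
# Choose a <backup_file> outside the web root so the copy is never served.
patch_bootstrap() {
    file="$1/app/Tygh/Bootstrap.php"
    backup="$2"
    [ "$(bootstrap_state "$1")" = unpatched ] || return 1
    cp -p "$file" "$backup" || return 1
    # index()/substr() perform a literal replacement, so no regex escaping is needed.
    awk -v old="$OLD_LINE" -v new="$NEW_LINE" '
        { i = index($0, old)
          if (i) $0 = substr($0, 1, i - 1) new substr($0, i + length(old))
          print }' "$backup" > "$file" || return 1
    # Succeed only if the file now reads as patched.
    [ "$(bootstrap_state "$1")" = patched ]
}

# Read-only audit: report the state of every installation root given as an argument.
for root in "$@"; do
    printf '%s: %s\n' "$root" "$(bootstrap_state "$root")"
done
```

An installation reported as unknown contains neither line and is left untouched by patch_bootstrap; on 4.6.3, use Service Pack 1 from the Upgrade Center instead.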