Urgent Security Issue


Posted 27 July 2018 - 02:02 AM #1

Currently I'm using CS Cart MV 4.8.1.SP1.


Recently, I had a user who signed up to the store with the following information:


file_get_contents test;@gmail.com


That user logged in to the store several times, and I think that person is trying to SQL inject into CS Cart.


When I checked the log, the IP address is coming from Hong Kong. 


Should I be concerned regarding the security issues on CS Cart?


Can you let me know if there's a security flaw in CS Cart where this type of thing would cause security issues?


  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 20665 posts

Posted 27 July 2018 - 06:02 AM #2

Good day. Please contact the CS-Cart team and provide them with full logs. This is a community forum, and I am not sure if someone can help you here.


  • poppedweb
  • Authorized Reseller
  • Members
  • Join Date: 02-Aug 16
  • 553 posts

Posted 27 July 2018 - 04:46 PM #3



As far as I can see, eval or similar functions are not used on usernames, hence this wouldn't be a security risk. You can always ask CS-Cart this question, provided you give them access to the required information. Next time, please don't use a misleading title like this; it indicates you have an 'urgent security risk' instead of a 'possible security risk'. See how that changes the entire meaning of your post?


Kind regards,

PoppedWeb | sales@poppedweb.com | https://poppedweb.com

  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11590 posts

Posted 27 July 2018 - 06:55 PM #4

Even if it were eval'd, it would generate a syntax error.
