
Urgent Security Issue

 

Posted 27 July 2018 - 02:02 AM #1

Currently I'm using CS Cart MV 4.8.1.SP1.

 

Recently, I had a user who signed up to the store with the following information:

 

file_get_contents test;@gmail.com

 

That user logged in several times to the store and I think that person is trying to SQL inject into CS Cart.

 

When I checked the log, the IP address is coming from Hong Kong. 

 

Should I be concerned regarding the security issues on CS Cart?

 

Can you let me know if there's a security flaw in CS Cart such that this type of thing would cause security issues?

 


 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 18498 posts

Posted 27 July 2018 - 06:02 AM #2

Good day. Please contact the CS-Cart team and provide them with full logs. This is a community forum, and I am not sure if someone can help you here.




 
  • poppedweb
  • Authorized Reseller
  • Members
  • Join Date: 02-Aug 16
  • 451 posts

Posted 27 July 2018 - 04:46 PM #3

Hello,

 

As far as I can see, eval or similar functions are not used on usernames, hence this wouldn't be a security risk. You can always ask CS-Cart this question, provided you give them access to the required information. Next time, please don't use a misleading title like this. This indicates you have an 'urgent security risk' instead of a 'possible security risk'; see how that changes the entire meaning of your post?

 

Kind regards,


PoppedWeb | sales@poppedweb.com | https://poppedweb.com

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11023 posts

Posted 27 July 2018 - 06:55 PM #4

Even if it were eval'd, it would generate a syntax error.


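An added example, not part of the thread and not CS-Cart code: a small triage script that flags sign-up records like the one in the first post so they can be reviewed next to the access logs. The record layout (`user_id`, `email`, `ip`), the token list and every sample value except the e-mail string quoted in the thread are assumptions made for this example.

```python
import re

# PHP function names that tend to appear in automated probe strings.
# This list is an assumption for the example, not a CS-Cart setting.
PROBE_TOKENS = ("file_get_contents", "base64_decode", "shell_exec",
                "passthru", "eval")
TOKEN_RE = re.compile(r"\b(" + "|".join(PROBE_TOKENS) + r")\b", re.IGNORECASE)

# Conservative address shape: no whitespace, no ';' or quotes, a single '@'.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def triage_signup(record):
    """Return the reasons a sign-up record deserves a manual look."""
    reasons = []
    if not EMAIL_RE.match(record.get("email", "")):
        reasons.append("email is not a plain address")
    for field, value in record.items():
        match = TOKEN_RE.search(str(value))
        if match:
            name = match.group(1).lower()
            reasons.append(f"{field} contains PHP function name '{name}'")
    return reasons


def flag_signups(records):
    """Map user_id -> reasons for every record with at least one finding."""
    return {r["user_id"]: found
            for r in records if (found := triage_signup(r))}


# Constructed sample export. Only the first e-mail value comes from the
# thread; the IDs, the other addresses and the IPs are made up.
SAMPLE = [
    {"user_id": 101, "email": "file_get_contents test;@gmail.com",
     "ip": "203.0.113.7"},
    {"user_id": 102, "email": "alice@example.com", "ip": "198.51.100.20"},
    {"user_id": 103, "email": "evelyn@example.com", "ip": "198.51.100.21"},
]

if __name__ == "__main__":
    for user_id, reasons in flag_signups(SAMPLE).items():
        print(user_id, "; ".join(reasons))
```

A hit only says the stored value looks like a probe. Whether it matters depends on whether the application ever passes that field to an interpreter, which is the point the replies above make about `eval`.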