Office Hours
Day Hours (GMT)
Bank Holidays Closed
Monday 9:00 - 17:30
Tuesday 9:00 - 17:30
Wednesday 9:00 - 17:30
Thursday 9:00 - 17:30
Friday 9:00 - 17:30
Saturday Closed
Sunday Closed
RSS Feed
News
Jan
23
Posted by on 23 January 2017 10:11 AM

A security directory traversal vulnerability has been discovered in all version of CubeCart version 6. CubeCart version 6.1.4 has been release which patches this.

We recommend that all merchants upgrade to 6.1.4 or patch their store as soon as possible. 

Manual Patch: https://github.com/cubecart/v6/commit/8f1ec4e87c58e60e7fd865eabc6a1ab2b721729c
Download: CubeCart-6.1.4.zip

We would like to pass on our warm thanks to all the staff at Japan Computer Emergency Response Team (JPCERT) Coordination Center for discovering this issue and for handling it so professionally. 


Comments (0)
©2017 CubeCart Limited. All rights reserved. CubeCart Limited is a company registered in England & Wales under number 5323904. VAT Registration Number GB886451190.