Office Hours
Day Hours (GMT)
Bank Holidays Closed
Monday 9:00 - 17:30
Tuesday 9:00 - 17:30
Wednesday 9:00 - 17:30
Thursday 9:00 - 17:30
Friday 9:00 - 17:30
Saturday Closed
Sunday Closed
RSS Feed
News
Oct
16
Posted by on 16 October 2017 09:33 AM

Just before the weekend Robin Peraglie from RIPS Technologies reported a critical security hole in all current CubeCart version 6 releases.

All customers on our Technical Support & Management service plan have been contacted about this and 93% (with correct login on file) have been proactively patched over the weekend. If you are a client on this service plan who has been contacted to be told that we haven't been able to access your store, please login and update this information here as soon as you can and let us know. We will then get your store secured - please don't delay.

CubeCart version 6.1.12 has been released which patches this vulnerability. If you can't upgrade to this version please either;

  1. make the code changes published against Github Issue #1763
    -- or -- 
  2. download CubeCart 6.1.12 and replace the classes/admin.class.php file. 

Download: CubeCart-6.1.12.zip

At CubeCart we take security with utmost importance. We thank Robin for reporting this vulnerability responsibly and we hope that no CubeCart merchants are affected by this maliciously. 


Comments (0)
©2017 CubeCart Limited. All rights reserved. CubeCart Limited is a company registered in England & Wales under number 5323904. VAT Registration Number GB886451190.