
Announcements

08/08/2008 00:00

Attention X-Cart Users - Security Patch is needed

Several moderate security issues have been identified in X-Cart. The issues make X-Cart-based stores potentially vulnerable to attackers who wish to make the application inoperable or gain access to the application back-end.

Qualiteam has released the security update which includes the following improvements.

All versions:

- the mechanism for adding/updating users that was introduced in the previous patch has been changed,
- protection against SQL errors when an invalid productID is supplied has been added (except for versions 4.1.4 - 4.1.10),
- protection against SQL injection during inventory updates has been added.

4.0.x branch:

- session variables are now protected from modification via POST and GET requests,
- for versions 4.0.10 - 4.0.19, the previous patch did not work for stores run in a Windows environment; this is now corrected.

4.1.x branch:

- session variables are now protected from modification via POST and GET requests,
- the previous patch did not work for stores run in a Windows environment; this is now corrected,
- protection against unauthorized access to files via the GiftCertificate module has been added,
- (for 4.1.9, 4.1.10) the protection against XSS attacks introduced by the previous patch has been improved,
- (for 4.1.0 - 4.1.8) an error revealed by the previous patch (use of an undeclared function) has been fixed.

SEVERITY:

Moderate

IMPACT

A malicious user can make an X-Cart-based store inoperable or gain access to the application back-end and to sensitive information stored in user profiles.

AFFECTED VERSIONS

All X-Cart versions from 3.5.X to 4.1.10

Please open a support ticket if you would like our support team to install these patches for you (at a cost of $10 each), or go to the Downloads section to obtain the necessary files yourself.

Your Be More Than a Mom Support Team
