CVE-2023-47675: CubeCart 6.5.3 Released - Security Update

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.


Many thanks to Gen Sato from Mitsui Bussan Secure Directions, Inc. for responsibly reporting a number of security issues found in all versions of CubeCart up to 6.5.3. Please note that these vulnerabilities are only exploitable if a bad actor has authenticated into the back end of the victim's store.

Vulnerabilities

  1. Directory traversal (any file download) - GitHub Issue #3410

  2. Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409

  3. CSRF bypassing CSRF token checks - GitHub Issue #3408

  4. OS Command Injection - This vulnerability concerns the ability of the Smarty template engine to execute dangerous PHP functions, e.g.

    {system('echo ^<?php phpinfo(); > C:/xampp/htdocs/testout.php')}

    No patch has been created for this vulnerability; instead we strongly recommend disabling dangerous PHP functions, as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions in your php.ini file and then restarting the web server.

    disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec
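    As an added example (not part of this advisory or of CubeCart's own code), the following POSIX shell check parses a php.ini file and reports which of the functions listed above are still enabled. The two ini files it inspects are constructed in temporary files; a real check would point it at the php.ini actually loaded by the web server's PHP.

```shell
#!/bin/sh
# Added example: verify the disable_functions hardening recommended in the advisory.
# The function list is the advisory's; the ini paths below are constructed samples.

RECOMMENDED="exec system passthru pcntl_exec popen proc_open shell_exec"

# Print the effective disable_functions value from a php.ini file.
# Commented lines (starting with ';') are ignored and, as in PHP, the last
# assignment wins. Surrounding whitespace and optional double quotes are stripped.
ini_disable_functions() {
    grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" \
      | tail -n 1 \
      | sed -e 's/^[^=]*=//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/^"//' -e 's/"$//'
}

# Emit, space-separated, every recommended function that is NOT disabled in
# the given php.ini. Empty output means the hardening is complete.
missing_disabled_functions() {
    value=$(ini_disable_functions "$1")
    # Normalise "a, b ,c" into one function name per line.
    disabled=$(printf '%s' "$value" | tr ',' '\n' \
               | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    missing=""
    for fn in $RECOMMENDED; do
        if ! printf '%s\n' "$disabled" | grep -qxF "$fn"; then
            missing="$missing $fn"
        fi
    done
    printf '%s' "${missing# }"
}

# Constructed sample ini files (not files from a real CubeCart install).
sample_weak=$(mktemp)
printf ';disable_functions = exec\ndisable_functions = exec, system\n' > "$sample_weak"
sample_hardened=$(mktemp)
printf 'disable_functions = "exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec"\n' \
    > "$sample_hardened"
trap 'rm -f "$sample_weak" "$sample_hardened"' EXIT

echo "weak ini still allows: $(missing_disabled_functions "$sample_weak")"
echo "hardened ini still allows: [$(missing_disabled_functions "$sample_hardened")]"
```

    Because PHP can load additional ini files and per-directory overrides, compare the file-level result with what the running interpreter reports via ini_get('disable_functions') before treating the hardening as in effect.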

This release also includes a number of other maintenance updates.

Upgrading to 6.5.3 is highly recommended. If for some reason you are unable to upgrade to this version, the code patches for each vulnerability can be found in the corresponding GitHub issue above. If you require help, technical support is available.

Download: CubeCart-6.5.3.zip
