Critical Security Issue in CubeCart V5 and V6


What versions of CubeCart are affected?

Affected versions are 5.2.12 through to 6.0.6.

What is the security issue?

If an attacker knows an administrator's email address, it may be possible to take control of that account and gain complete access to the store's control panel.

What steps should be taken?

CubeCart have released patches for affected V5 and V6 sites, available here:

CubeCart v6 Patch: classes/admin.class.php
CubeCart v5 Patch: classes/admin.class.php

To patch, download the file above for your CubeCart version and replace the existing copy with it. As a precaution, it is then recommended to log in and change all administrator passwords. All Havenswift Hosting customers who are using affected versions of CubeCart and have E-Commerce Hosting packages are in the process of being patched with the relevant file, and this process will be completed very shortly.

This is the main Havenswift Hosting company account that is used by different members of staff when making blog postings on behalf of the company rather than as individuals

There Are 2 Comments

Michelle Arnold on 07 Sep, 2015

Can I confirm this is not the case with the old version 4 which we are running?

Thanks
Michelle

Havenswift Hosting on 07 Sep, 2015

We can confirm that V4 CubeCart websites are not affected by this issue.
