In association with heise online

02 December 2008, 10:10

Security update for cpCommerce shop software

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Update 1.2.7, aimed at preventing a login without the valid login data, has been issued for the cpCommerce shop software. The problem is an error in _functions.php, which can be exploited to overwrite any PHP variables. Crafted HTTP requests can be used to acquire administrator rights and even run injected PHP.

The error has been discovered in version 1.2.6, but other versions may also be affected. Users should install the update as soon as possible, because an exploit that takes advantage of this vulnerability has already appeared on Milw0rm.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit