osCommerce and osCMax shopping cart software forums


osCMax v2.0.3 Security Update Released

07-01-2009, 10:14 AM
michael_s
osCMax Developer

A vulnerability has been discovered in osCMax v2.0.2 that does not properly sanitize output. This allows an attacker to change the URL string and inject malicious code.

osCMax v2.0.3 has been posted to the download page and the fixes are also present in SVN trunk and the v2.1 branch.

It is recommended that all osCMax users update their sites with this patch. All versions of osCMax are vulnerable, including all prior versions of v2.0x.

Download the zip file and replace /admin/includes/application_top.php with the contained file. That is all that needs to be done. Note that this patch has only been tested on v2.0.2 but should work with all v2.0x versions of osCMax.

Attached file: oscmax_v2.0.3patch.zip (2.9 KB)
__________________
Michael Sasek
osCMax Developer
