[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability
From: info@xxxxxxxxxxxxx
Date: 9 May 2007 10:31:14 -0000

3.0.16 will be released later today. Simple str_replace to fix in 
includes/session.inc.php and treatGet function on $_GET['ccUser']. 

## remove possible CRLF injection
$sessId = str_replace(array('%0d', '%0a'), '', $sessId);

Please report any potential security issues directly to us in the future rather 
than making them public immediately.

Prev by Date: Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039)
Next by Date: iDefense Security Advisory 05.08.07: McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability
Previous by thread: UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability
Next by thread: Drake CMS (v0.4.0) - CRLF Injection Vulnerability
Index(es):
- Date
- Thread