On August 6th, 2008, Qualiteam was again diligent in keeping up with current threats that affect all of us.
A new security bulletin was announced that describes the 2nd vulnerability for the year, and the 2nd in just about a month's time.
The security threat has been described as:
"Several moderate security issues have been identified in X-Cart. The issues make X-Cart-based stores potentially vulnerable to attackers who wish to make the application inoperable or gain access to the application back-end."
You can purchase the patch service at the bottom of this page.
Improvements in this series of patches include the following:
ALL VERSIONS
- The way adding/updating users worked, which was introduced in the previous patch, is changed.
- Protection against SQL errors in case of a wrong productID is added (except versions 4.1.4 - 4.1.10)
- Protection against SQL injections during inventory updating is added.
4.0.x branch
- Session variables are now protected from modifications using POST and GET queries.
- For versions 4.0.10 - 4.0.19, the previous patch did not work for stores run in a Windows environment. It is now corrected.
4.1.x branch
- Session variables are now protected from modifications using POST and GET queries.
- The previous patch did not work for stores run in a Windows environment. It is now corrected.
- Protection for unauthorized access to files using the GiftCertificate module is added.
- (for 4.1.9, 4.1.10), protection against XSS attacks, introduced by the previous patch, is improved.
- (for 4.1.0 - 4.1.8), an error revealed in the previous patch (use of an undeclared function) is fixed.
I know some of you who are new to X-Cart and the web in general are asking yourselves: how come X-Cart has so many problems?
The answer to that is that this is not an X-Cart-specific issue. It is just part of owning an internet-based business in which you rely on technology to engage in business.
All shopping carts and web programs are subject to the same problems. When it comes right down to it, hackers are to thank for finding new ways to attack our businesses and we should all praise the team at X-Cart for working so diligently at keeping our software safe and secure!
As before, we have again activated our emergency critical patch service to handle all requests for the patch in 24 hours or less.
The fee for this service is $45 per website.