CubeCart 6.5.3
30 October 2023
CubeCart version 6.5.3 is now available (security release).
Upgrading to CubeCart 6.5.3
CubeCart 6.5.3 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply CubeCart updates as new versions are released, or use Installatron's Clone feature to duplicate an existing CubeCart install to test the 6.5.3 upgrade prior to applying it live.
What's New in CubeCart 6.5.3
Security
- Directory traversal (any file download) - GitHub Issue #3410
- Directory traversal (deletion of arbitrary files and directories) - GitHub Issue #3409
- CSRF bypassing CSRF token checks - GitHub Issue #3408
- OS Command Injection - This vulnerability concerns the ability of the Smarty template engine to execute dangerous functions. No patch has been created for this vulnerability; instead, we strongly recommend disabling dangerous PHP functions, as recommended by our free CubeCart Security Suite. We suggest disabling the following PHP functions in your php.ini file and then restarting the web server:
  disable_functions = exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec
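Because this issue is mitigated by configuration rather than a patch, it is worth checking that the directive is actually active after the upgrade. The following is an added example, not code from CubeCart or Installatron: it parses php.ini text and reports which of the recommended functions are still enabled. The function names and sample ini fragments are constructed for illustration.

```python
import re

# Functions the CubeCart 6.5.3 release notes recommend disabling.
RECOMMENDED = {"exec", "system", "passthru", "pcntl_exec",
               "popen", "proc_open", "shell_exec"}

# An active (uncommented) disable_functions assignment.
DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$")


def effective_disable_functions(ini_text):
    """Return the names set by the last active disable_functions line.

    A later assignment in the same file overrides an earlier one, so an
    empty 'disable_functions =' further down silently undoes the list.
    """
    value = None
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):      # commented-out line
            continue
        match = DIRECTIVE.match(line)
        if match:
            value = match.group(1)
    if value is None:
        return set()
    # Drop a trailing ';' comment and optional surrounding quotes.
    value = value.split(";", 1)[0].strip().strip("\"'")
    # Names are compared exactly as written (no case folding).
    return {name.strip() for name in value.split(",") if name.strip()}


def missing_functions(ini_text):
    """Recommended functions that the ini text leaves enabled."""
    return sorted(RECOMMENDED - effective_disable_functions(ini_text))


# Constructed sample inputs (not taken from a real server).
FULL = "exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec"
SAMPLE_PARTIAL = "[PHP]\n; disable_functions = " + FULL + "\ndisable_functions = exec,system\n"
SAMPLE_OVERRIDDEN = "disable_functions = " + FULL + "\ndisable_functions =\n"
SAMPLE_GOOD = 'disable_functions = "' + FULL + '" ; per release notes\n'

if __name__ == "__main__":
    for label, text in [("partial", SAMPLE_PARTIAL),
                        ("overridden", SAMPLE_OVERRIDDEN),
                        ("good", SAMPLE_GOOD)]:
        print(label, "-> still enabled:", missing_functions(text) or "none")
```

The PHP CLI and the web server's PHP can load different php.ini files, so run the check against the file the web server actually uses (the "Loaded Configuration File" shown by phpinfo()).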
Bug Fixes & Changes
- Minor Optimization: Update Order Summary #3407
- 'CubeCart_domains' missing auto increment on primary key #3405
- Modal windows show behind bxslider prev/next #3403
- Exit modal and newsletter signup isn't checking for recapcha status #3402
- Checkout login should redirect to checkout #3401
- Misspelling #3399
- PHP 8 Warning #3397
- Front End: Sale Items Not Listing #3395
- Product Statistics: Add an Edit Link #3393
- Number format total sales #3391
- Free Shipping coupon fails if settings specify to default to "cheapest but not free" #3390
- Elasticsearch config from global.inc.php file not found #3387
- Number format pagination total #3386
- settings.language.php" on line 116 unknown function 'sprinf' #3384
- 404 Log is duplicating 404's instead of counting them up #3383
- Bad Code #3382