Results 1 to 1 of 1

Threaded View

  1. #1
    Join Date
    Jun 2003
    Newcastle UK
    Blog Entries
    Plugin Contributions

    red flag Security Patch for all versions prior to v156c

    We were recently notified of a security vulnerabilty regarding the sanitization of the 'notify' parameter used in Zen Cart to add product notifications to a user account.

    The proof of concept could lead to an SQL injection.

    To fix the vulnerability on older versions we are releasing a patch file. The patch file should be placed in your
    /includes/extra_configures/ directory.

    The security patch file can be downloaded from: /includes/extra_configures/security_patch_notify_20190707.php
    (right click and "save link as")
    or use the attachment below.

    Note 1: We have only tested the patch going back to v1.3.8. Use of the patch on prior versions is not guaranteed.

    Note 2: The security patch has been directly incorporated into v1.5.6c (released today) and also the v1.5.7 development branch. There are no
    adverse consequences from having the security patch file in either of these versions.
    Attached Files Attached Files



Similar Threads

  1. Patch: PHPMailer security patch (Dec 2016) for v155c and older
    By DrByte in forum Zen Cart Release Announcements
    Replies: 3
    Last Post: 12 Apr 2017, 08:44 PM
  2. Security Patch?
    By TheHYPO in forum Upgrading from 1.3.x to 1.3.9
    Replies: 6
    Last Post: 9 Jan 2011, 04:34 AM
  3. Security patch?
    By Cindy2010 in forum General Questions
    Replies: 1
    Last Post: 28 Aug 2010, 02:23 AM
  4. Replies: 15
    Last Post: 2 Oct 2009, 11:45 AM
  5. Security Patch
    By Snotori in forum General Questions
    Replies: 1
    Last Post: 2 Sep 2006, 06:34 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Zen-Cart, Internet Selling Services, Klamath Falls, OR