Creloaded sites vulernable to URL change exploit, please patch your site ASAP

Discussion in 'eCommerce' started by Enzo, Feb 19, 2010.

0
  1. #1
    There is a discussion over at SP about SERIOUS CRE Loaded Security Issue Revealed which affects 1000s of stores affected. Better hurry and patch yours if yours is among them!
     
    Enzo, Feb 19, 2010 IP
  2. Enzo

    Enzo Well-Known Member

    Messages:
    114
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    128
    #2
    Here is the fix:

    in the file admin/includes/application_top.php


    Simply find the line:

    $PHP_SELF = (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] :
    $_SERVER['SCRIPT_NAME']);

    and replace with:
    $PHP_SELF = $_SERVER['SCRIPT_NAME'];
     
    Enzo, Feb 19, 2010 IP
  3. nirajkum

    nirajkum Active Member

    Messages:
    815
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    58
    #3
    thanks for provding this fix with us ..
     
    nirajkum, Feb 19, 2010 IP