Security bulletin 2008-12-18
During internal audit activities we found several moderate security issues that make X-Cart potentially
vulnerable to attackers who wish to gain access to the application back-end.
The following security improvements have been included in this update:
- protection against unauthorized access to the back-end via specially crafted POST requests has been added.
- an additional layer of protection against SQL injection has been added.
SEVERITY: Moderate
IMPACT
A malicious user can gain access to the application back-end.
AFFECTED VERSIONS
All X-Cart versions from 4.1.0 to 4.1.11
SOLUTION
We strongly recommend that X-Cart users install the security fix available in the HelpDesk ‘File Area’. Installation instructions can be found in the README.txt file included in the .tgz archive.
You can find the patch at the following path:
* For X-Cart 4.1.11 version:
X-Cart -> X-Cart 4.1.11 (current version) -> Updates and patches
* For X-Cart 4.1.0 – 4.1.10 versions:
X-Cart -> X-Cart supporting files for prev versions -> X-Cart 4.1 -> {Your X-Cart version} -> Updates and patches
If you are using X-Cart versions 4.1.0 – 4.1.10, you *have to* apply all the previous security patches before applying this security patch.
You can find all the previous security patches in the “File area” section of the Support HelpDesk, or you can contact us and we can apply the patch(es) for you.