Vera
Description
A vulnerability was found that allowed remote file inclusion.
 
Solution
1) Download one of the files below according to the version you run:
 
4.1 and below
http://www.viart.com/downloads/admin_header-4.1.zip
http://www.viart.com/downloads/previews_functions-4.1.zip
http://www.viart.com/downloads/ajax_list_tree-4.1.zip
 
3.6
http://www.viart.com/downloads/admin_header-3.6.zip
http://www.viart.com/downloads/previews_functions-3.6.zip
http://www.viart.com/downloads/ajax_list_tree-3.6.zip
 
Extract 'admin_header.php' into the 'admin' folder, and 'previews_functions.php' and 'ajax_list_tree.php' into the 'includes' folder of your shop, replacing the existing files.
 
2) We also recommend turning off the register_globals option in the PHP configuration to prevent this possibility altogether:
register_globals = Off
 
Last modified: 1 Oct 2012 4:16 PM
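
One way to confirm that the `register_globals = Off` setting recommended above is really the effective one, as an added example that is not part of the original post or of Viart's code. It assumes Apache with mod_php, where a `php_flag`/`php_value` line in `.htaccess` can override php.ini for a directory; the function names and sample contents are constructed for illustration.

```python
import re

# Values this sketch treats as switching the option on.
TRUTHY = {"1", "on", "true", "yes"}

def ini_register_globals(text):
    """Last register_globals assignment in php.ini / .user.ini text.
    Returns True/False, or None if the directive is never set."""
    value = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        m = re.match(r"register_globals\s*=\s*(.*)$", line, re.I)
        if m:                                        # later lines override earlier ones
            value = m.group(1).strip().strip("\"'").lower() in TRUTHY
    return value

def htaccess_register_globals(text):
    """Per-directory override set through mod_php directives, or None."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):                     # Apache comment
            continue
        m = re.match(r"php_(?:flag|value)\s+register_globals\s+(\S+)", line, re.I)
        if m:
            value = m.group(1).strip("\"'").lower() in TRUTHY
    return value

def effective(php_ini, htaccess=""):
    """An .htaccess override wins; an unset directive counts as Off
    (PHP's built-in default since 4.2.0)."""
    override = htaccess_register_globals(htaccess)
    if override is not None:
        return override
    return bool(ini_register_globals(php_ini))

# Constructed sample inputs, not taken from any real shop.
SAMPLE_INI = """[PHP]
; register_globals = On   (commented out, ignored)
register_globals = Off
"""
SAMPLE_HTACCESS = """# forgotten per-directory override
php_flag register_globals on
"""

if __name__ == "__main__":
    print("php.ini only:      ", effective(SAMPLE_INI))
    print("php.ini + htaccess:", effective(SAMPLE_INI, SAMPLE_HTACCESS))
```

Run it against the text of your own php.ini and of any `.htaccess` files in the shop's directory tree; a `True` result means the option is still on for that directory despite php.ini.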
 
David (Guest)
includes/ajax_list_tree.php
 
includes/previews_functions.php
 
These 2 files also have the same vulnerability, please patch them as well.

One of our stores is now under attack via previews_functions.php
 
David
 
Vera
 
Mark (Guest)
Our site got hacked yesterday morning, quite possibly due to one of these vulnerabilities. Is there a way I can be updated via email or rss about new patches?
 
tiff (Guest)
Does this apply to 3.4.7?
 
Vito
Does this apply to 3.4.7?
 
No, it doesn't
 
Metz
If our register_globals are off, is there still a concern?
 
Also, if we haven't upgraded to 4.1, will these patches mess up anything in 4.0.8?
 
Thanks!
 
nuweb (Guest)
Why is the 3.6 patch for this malware remote inclusion listed within the 4.1 patches, and now also displayed in the 3.6 patch list?