A vulnerability in OpenCart's cache handling routine allowed an exploit that could overwrite files with blank files. A fix has been made available for download.
VickiGroup.com reported the exploit on September 9, 2011, exposing the vulnerable code. The OpenCart developer, Daniel Kerr, posted a fix the same day. While the exploit didn’t seem to be able to expose any critical information from an OpenCart store, it could play havoc with sites.
To remedy this OpenCart vulnerability:
- Download the updated cache.php file.
- Upload it to /system/library/ on your OpenCart server, replacing the current cache.php file.
- Delete all files in the /system/cache/ directory, except for the index.html file.
You should be good to go.
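The three steps above as a shell function, plus a check for zero-byte files, since the exploit overwrote files with blank ones. This is an added example, not code from OpenCart or the original post; the function names, the backup directory argument and the paths in the usage comment are assumptions.

```shell
# Added example, not OpenCart's or the original post's code.
# Usage (all three paths are assumptions about your server):
#   apply_cache_fix /var/www/store ~/cache.php ~/oc-backup

apply_cache_fix() {
    local oc_root="$1" new_cache="$2" backup_dir="$3"
    local target="$oc_root/system/library/cache.php"
    local cache_dir="$oc_root/system/cache"

    # Refuse to touch anything that does not look like an OpenCart tree.
    [ -f "$target" ] || { echo "missing $target" >&2; return 1; }
    [ -d "$cache_dir" ] || { echo "missing $cache_dir" >&2; return 1; }
    # An empty replacement would blank out cache.php ourselves.
    [ -s "$new_cache" ] || { echo "replacement is missing or empty" >&2; return 1; }
    [ -d "$backup_dir" ] || { echo "missing backup dir $backup_dir" >&2; return 1; }

    # Keep the old file outside the web root for later comparison.
    cp -p "$target" "$backup_dir/cache.php.orig" || return 1

    # Step 2: replace system/library/cache.php and confirm the copy.
    cp "$new_cache" "$target" || return 1
    cmp -s "$new_cache" "$target" || { echo "copy mismatch" >&2; return 1; }

    # Step 3: delete every cache file except index.html.
    find "$cache_dir" -type f ! -name 'index.html' -exec rm -f {} + || return 1
}

# The flaw overwrote files with blank ones, so list zero-byte files for review.
# index.html placeholders are skipped (assumed to be legitimately empty).
list_blank_files() {
    find "$1" -type f -size 0 ! -name 'index.html'
}
```

Any path printed by `list_blank_files` should be compared against a clean copy of the same OpenCart version before the store is put back into service.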
While we have not confirmed it, other OpenCart users report that this update should fix versions 1.4.x and 1.5.x of OpenCart. Please let us know if you find different results.
Yes, we’ve updated all our OpenCart installations.