Item #1016
A vulnerability has been identified in v5 which could allow an attacker to systematically deduce information from the database in order to gain unauthorized access.
A fix is available here:
http://www.cactushop.com/download/CactuShopV5_152_basket.zip
This specific vulnerability does not affect v6. We have had a limited number of reports of v6 security breaches, but analysis of logs so far indicates either that the entry point was modified code (which introduced a vulnerability) or that the breach was not carried out through the scripts themselves (i.e. an FTP hack, possibly due to a client-side security breach).
As with all security-related reports, we keep an open mind and would welcome web logs from any site that has had security issues so that we can investigate.