Attention osCMax/BTS users:

We have been notified of a vulnerability in the BTS system that will allow a user to view/execute arbitrary files on a server.
If you are using osCMax or BTS with standard osCommerce, this bug affects you. This bug is fairly severe, and should be corrected immediately.

The osCMax current v1.7 download file has been patched as of today.

The following files are affected:

main_page.tpl.php
popup.tpl.php

Because this problem is with the BTS template files, the best way to fix this is manually, as a patch file would most certainly break any customized template. The vulnerable code is found in all the different templates (aabox, osC, OneTable, etc) and you should patch the code in all template directories, if they remain on your server. It is also recommended that you remove any template directories that you are not using.

Thank you,

Michael Sasek
osCDox.com

If you do not have any of the vulnerable code in your templates, you are not affected by this bug.

Below you will find instructions on how to correct this issue. :

****** Begin Vulnerability Fix ********
--------------------------------------------------------
In main_page.tpl.php find:
Code:
<?php if ($javascript) { require(DIR_WS_JAVASCRIPT . $javascript); } ?>
Replace with:
Code:
<?php if (isset($javascript) && file_exists(DIR_WS_JAVASCRIPT . basename($javascript))) { require(DIR_WS_JAVASCRIPT . basename($javascript)); } ?>

---------------------------------------------------------

Find:
Code:
if (isset($content_template)) {
Replace with:
Code:
if (isset($content_template) && file_exists(DIR_WS_CONTENT . basename($content_template))) {
----------------------------------------------------------

Find:
Code:
require(DIR_WS_CONTENT . $content_template);
Replace with:
Code:
require(DIR_WS_CONTENT . basename($content_template));
----------------------------------------------------------
In popup.tpl.php find:

Code:
<?php if ($javascript) { require(DIR_WS_JAVASCRIPT . $javascript); } ?>
Replace with:
Code:
<?php if (isset($javascript) && file_exists(DIR_WS_JAVASCRIPT . basename($javascript))) { require(DIR_WS_JAVASCRIPT . basename($javascript)); } ?>
******* End Vulnerability Fix ********