We have become aware of a security vulnerability in Shop-Script PRO and PREMIUM versions (predecessors of WebAsyst Shop-Script), which allowed performing SQL-injections in storefront. Input data was not properly handled by index.php, cart.php and printable.php scripts.

We have released a security patch to fix this vulnerability.

All users of Shop-Script PRO and PREMIUM (important!): we highly encourage you to download and install this patch! If you purchased PRO or PREMIUM versions, the patch is available for download inside your WebAsyst Customer Center account (”Download — Shop-Script PRO and PREMIUM” screen). Installing is easy: download and replace your files with the files from the patch (index.php, cart.php, printable.php and all other files from the archive).

Users of WebAsyst Shop-Script: no need to do anything. No vulnerabilities have been found in WebAsyst Shop-Script so far.

If you have any questions, please contact customer support.

Cart of the week: WebAsyst Shop-Script in Practical eCommerce magazine:

http://www.practicalecommerce.com/articles/1102-Cart-of-the-Week-Shop-Script-by-WebAsyst