Squirrelcart Security Patch #SC101022
Release date: 10/22/2010

Blind SQL Injection vulnerability patch
Affected Squirrelcart versions: v3.0.0 - 3.2.1

How to find your version number:
---------------------------------------------------------------------
You can locate your Squirrelcart version in the upper right hand corner of your control panel.


Patch Info and Instructions
---------------------------------------------------------------------
This is a patch for protecting against a Blind SQL Injection vulnerability that was discovered on 10/22/2010.

You can get more information on Blind SQL Injection vulnerabilities here: http://www.owasp.org/index.php/Blind_SQL_Injection

While this patch will protect against this vulnerability, it's always a good idea to keep your installation up to date. 
Upgrading to the latest Squirrelcart release (v3.2.2 as of this writing) will provide protection against this vulnerability and also fix all known bugs to date. 
If you are running version 3.0.0 - 3.2.1 and prefer not to upgrade, you can apply this patch by following the instructions below.

Instructions for applying patch:
1. Backup your installation
2. Locate the folder in this patch corresponding to the version of Squirrelcart you are running
3. Inside that folder you will find a single file. Upload that file to your "squirrelcart" folder, overwriting files when prompted.

If you need assistance regarding this, please contact us using our helpdesk:
https://www.ldev.com/helpdesk/