Critical Security Vulnerability in BVC 2013-2015 SP2

We discovered a critical security vulnerability affecting BV Commerce 2013-2015 SP2. The vulnerability is specific to a feature not widely used, but we are strongly recommending that merchants apply the hotfix immediately (see details below). Due to the nature of this vulnerability we are not publicly disclosing the details so that it cannot be exploited.

If you have any questions please open a support ticket. Be sure to enter your store's domain name and use either the email address associated with your account/license or an email address with the same domain name as your store. This will allow us to quickly verify your identity.

If you work with a BV Commerce partner please know that they have already been alerted to the details of the vulnerability and are prepared to quickly apply the hotfix to your store.

Installing the Hotfix

Sign in to your account and click the "View Downloads" button. Click the "Download" link next to "BV Commerce 2013-2015 SP2 - security hotfix #1" (the first download in the list). Unzip the downloaded file and copy the contents of the "www" folder to the root of your BV Commerce website, overwriting the previous files. In the unlikely event that these files were customized you will need to merge your customizations with the updated files.