Following my last blog post about the security issues with OpenCart, I have released a secured version of OpenCart which current contain the following security fixes:
- CSRF Protection
- Local File Injection
- Disabled ability to view source code in template files (htaccess.txt must be renamed to .htaccess)
You can download a copy from: http://github.com/bmaynard/OpenCart-Secured
If you find any bugs or issues then please report them and I will try and fix them.