Version 6 contains a lot of additional code to protect against XSS, SQL injection, session spoofing and other attacks, which makes it considerably harder to attack, and it is STRONGLY recommended that you upgrade to the latest release if at all possible. If you are running an older version, there is a greater chance that a hacker can get access to the secure areas of your store, and once they get in there they have access to a lot of things that could compromise your site. Be sure to use strong passwords, change your username regularly, use SFTP if possible, etc. to keep your site secure. The code below adds one more safeguard: it ensures that an attacker cannot upload a CFM file, hide it in a subdirectory and run it directly on your server, because Application.cfm only lets the store's own top-level templates be requested directly and redirects every other request.

In the Application.cfm file, replace this section of code (the exact file list may differ depending on your version):

with this code:
    AND "#GetDirectoryFromPath(GetCurrentTemplatePath())#go.cfm" NEQ GetBaseTemplatePath()
    AND "#GetDirectoryFromPath(GetCurrentTemplatePath())#image.cfm" NEQ GetBaseTemplatePath()
    AND "#GetDirectoryFromPath(GetCurrentTemplatePath())#adminindex.cfm" NEQ GetBaseTemplatePath()>
Please note: if your store is not in your webroot directory, be sure to include the path to the store in the cflocation (such as url="/store/index.cfm"). Also, depending on your version, the list of files allowed may be slightly different from these, so adjust as necessary.
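The same check written as an added example (this is not the store's own Application.cfm code): the allowed templates are kept in a list so they are easy to adjust, and a blocked request is written to a log file so attempts to run an uploaded .cfm show up in your logs. The file names, the log file name and the redirect URL are assumptions; use the ones that match your version and store path.

```cfml
<!--- Templates that may be requested directly from the store root.
      Assumed list; adjust to the files your version allows. --->
<cfset allowedTemplates = "index.cfm,go.cfm,image.cfm,adminindex.cfm">

<!--- Directory holding this Application.cfm, i.e. the store root (ends with a slash) --->
<cfset storeRoot = GetDirectoryFromPath(GetCurrentTemplatePath())>

<!--- Template the browser actually requested; for an uploaded file this
      points into a subdirectory, e.g. /store/hidden/evil.cfm --->
<cfset requestedTemplate = GetBaseTemplatePath()>

<!--- Allowed only if it sits in the store root AND its name is on the list.
      CFML string comparison is case-insensitive, which suits Windows paths. --->
<cfset isAllowed = (GetDirectoryFromPath(requestedTemplate) EQ storeRoot)
    AND (ListFindNoCase(allowedTemplates, GetFileFromPath(requestedTemplate)) GT 0)>

<cfif NOT isAllowed>
    <!--- Record the blocked request (assumed log file name "store_security") --->
    <cflog file="store_security" type="warning"
           text="Blocked direct request to #requestedTemplate# from #CGI.REMOTE_ADDR#">

    <!--- Include the store path, e.g. /store/index.cfm, if the store is not in the webroot --->
    <cflocation url="/index.cfm" addtoken="no">
</cfif>
```

Because the comparison uses the full path, a file named index.cfm placed in a subdirectory is still redirected, exactly as with the NEQ chain above.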