Geo Burlibasa Posted March 12, 2020 Share Posted March 12, 2020 In Prestashop 1.7.6.4 s-a rezolvat o problema de securitate majora, care este descrisa de comunitatea Prestashop prin "Possible information steal". Mai concret, formularele de "Identitate" si "Adresa" permit clientilor sa preia si sa modifice informatiile personale ale oricarui client. Versiunile afectate: 1.7.0.0 -> 1.7.6.3 Problema se rezolva prin update la 1.7.6.4 sau prin aplicarea manuala a patch-ului de aici:https://github.com/PrestaShop/PrestaShop/commit/a4a609b5064661f0b47ab5bc538e1a9cd3dd1069 Pentru cei care doresc rezolvarea problemei dar nu vor sa-si prinda urechile in cod, o sa prioritizez in zilele urmatoare toate mentenantele legate de problema asta, din moment ce are implicatii asupra GDPR. Sursa: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mhfc-6rhg-fxp3 Link to comment Share on other sites More sharing options...
zaurus Posted March 12, 2020 Share Posted March 12, 2020 Hai sa nu ne panicam! Da, exista - a existat - o vulnerabilitate dar nu e chiar asa de grava precum ai prezentat-o. La fel ca si la coronavirus... :)) Link to comment Share on other sites More sharing options...
Geo Burlibasa Posted March 12, 2020 Author Share Posted March 12, 2020 Pe GitHub e prezentata ca o problema de securitate critica, cine sunt eu sa-i contrazic? 1 Link to comment Share on other sites More sharing options...
zaurus Posted March 12, 2020 Share Posted March 12, 2020 A venit informare si de la Prestashop, exista si documentare la vulnerabilitate. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now