Jump to content

Edit History

karcharoth

karcharoth

Quote

First you should change the admin folder name, too simple 😞 Then alert doofinder editor that they have a security issue, this is important.

The admin folder name has been already changed. As to the module - well, the point is that the doofinder module was never present in any of our shop - I have never used it, never uploaded it, never heard about it.

The scenerio is quite similar to this vulnerability https://build.prestashop-project.org/news/2022/major-security-vulnerability-on-prestashop-websites/, but hackers didn't execute any real module .php file. We have also applied the given fix (config/smarty.config.inc.php on your PrestaShop install, and remove lines 40-43 (PrestaShop 1.6)), but it did not solve the problem.

karcharoth

karcharoth

Quote

First you should change the admin folder name, too simple 😞 Then alert doofinder editor that they have a security issue, this is important.

The admin folder name has been already changed. As to the module - well, the point is that the doofinder module was never present in any of our shop - I have never used it, never uploaded it, never heard about it.

The scenerio is quite similar to this vulnerability https://build.prestashop-project.org/news/2022/major-security-vulnerability-on-prestashop-websites/, but hackers didn't execut any physical module .php file. We have also applied the given fix (config/smarty.config.inc.php on your PrestaShop install, and remove lines 40-43 (PrestaShop 1.6)), but it did not solve the problem.

karcharoth

karcharoth

Quote

First you should change the admin folder name, too simple 😞 Then alert doofinder editor that they have a security issue, this is important.

The admin folder name has been already changed. As to the module - well, the point is that the doofinder module was never present in any of our shop - I have never used it, never uploaded it, never heard about it.

×
×
  • Create New...