Jump to content

Big security bug?


baltimirc

Recommended Posts

Hello,

 

Recently I am receiving free orders valued at more than $500. Seeing the details of those orders I see that several non-public coupons have been applied to deduce the 100% of the order value.

 

All those coupons are non-public so I realise someone can access to those codes. Obviously I don't know how.

 

I get this problem in USA orders and also Chile orders, so is not the same person who can be hacked my backoffice.

 

The prestashop version is: 1.6.1.6.

 

Anyone had this problem also?

 

Bernat.

Edited by baltimirc (see edit history)
Link to comment
Share on other sites

Any of those coupons are public so I realise someone can access to those codes. Obviously I don't know how.

 

 

 
What do you mean "public"? you mean non-public?
If it can be applied to any user, then anyone can use it. it is better to set restrictions and conditions of the coupons.
Your coupon code may exposed to public users or spread over by some users you gave.
You can also try to re-generate the coupon code at cart rules management page so old code will not be used.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...