Let’s dig into the problem immediately. Let’s check if you have installed “JSCOMPOSER” in your module, please click the following URL. Change the name of myshopurl.com accordingly.
https://myshopurl.com/modules/jscomposer/views/dialog.php
When you can open a upload popup windows without admin login, it means your website is encountered a security hole. It is because the hacker can upload a malware thru here. The most common is they upload a php malware and run it directly.
In order to fix this security issue, here are two options.
1/. update the JSCOMPOSER newer version at least 4.4.18
2/. edit the following files.
a. Find the file /modules/jscomposer/views/config/config.php
and edit it.
b. find a source code similar to this:
c. insert the following code between lines 6 and 7:
if (!isset(Context::getContext()->employee) || !Context::getContext()->employee->isLoggedBack()) {
die(‘forbiden’);
d. look like this
If you still don’t know how to do this, please feel free to contact us via chatbot.
the source comes from
https://www.rolige.com/en/blog/prestashop-tips/security-breach-in-visual-composer-module-solution
There are no reviews yet.