Security Vulnerabilities in Visual Composer module (offer SOLUTION)
Let’s dig into the problem immediately. Let’s check if you have installed “JSCOMPOSER” in your module, please click the following URL. Change the name of myshopurl.com accordingly.
https://myshopurl.com/modules/jscomposer/views/dialog.php
When you can open a upload popup windows without admin login, it means your website is encountered a security hole. It is because the hacker can upload a malware thru here. The most common is they upload a php malware and run it directly.
In order to fix this security issue, here are two options.
1/. update the JSCOMPOSER newer version at least 4.4.18
2/. edit the following files.
a. Find the file /modules/jscomposer/views/config/config.php
and edit it.
b. find a source code similar to this:
c. insert the following code between lines 6 and 7:
if (!isset(Context::getContext()->employee) || !Context::getContext()->employee->isLoggedBack()) {
die(‘forbiden’);
d. look like this
If you still don’t know how to do this, please feel free to contact us via chatbot.
the source comes from
https://www.rolige.com/en/blog/prestashop-tips/security-breach-in-visual-composer-module-solution
Related Post
How to Configure OpenEMR Admin Patients (Cantonese)
Deprecated: Function create_function() is deprecated in /opt/lampp/htdocs/genkiware/wp-content/themes/optima/single.php on line 185
Voice Search is an eCommerce Trend in 2022
Deprecated: Function create_function() is deprecated in /opt/lampp/htdocs/genkiware/wp-content/themes/optima/single.php on line 185
Do you know that voice search has become the eCommerce…
There are no reviews yet.