Security Vulnerabilities in Visual Composer module (offer SOLUTION)

Security Vulnerabilities in Visual Composer module (offer SOLUTION)

Let’s dig into the problem immediately. Let’s check if you have installed “JSCOMPOSER” in your module, please click the following URL. Change the name of myshopurl.com accordingly.

https://myshopurl.com/modules/jscomposer/views/dialog.php

When you can open a upload popup windows without admin login, it means your website is encountered a security hole. It is because the hacker can upload a malware thru here. The most common is they upload a php malware and run it directly.

In order to fix this security issue, here are two options.

1/. update the JSCOMPOSER newer version at least 4.4.18

2/.  edit the following files.

a. Find the file /modules/jscomposer/views/config/config.php and edit it.

b. find a source code similar to this:

c. insert the following code between lines 6 and 7:
if (!isset(Context::getContext()->employee) || !Context::getContext()->employee->isLoggedBack()) {
die(‘forbiden’);

d. look like this

If you still don’t know how to do this, please feel free to contact us via chatbot.

the source comes from
https://www.rolige.com/en/blog/prestashop-tips/security-breach-in-visual-composer-module-solution

There are no reviews yet.

Leave a Reply

Your email address will not be published. Required fields are marked *



Start typing and press Enter to search