Security Vulnerabilities in Visual Composer module (offer SOLUTION)
Let’s dig into the problem immediately. Let’s check if you have installed “JSCOMPOSER” in your module, please click the following URL. Change the name of myshopurl.com accordingly.
https://myshopurl.com/modules/jscomposer/views/dialog.php
When you can open a upload popup windows without admin login, it means your website is encountered a security hole. It is because the hacker can upload a malware thru here. The most common is they upload a php malware and run it directly.
In order to fix this security issue, here are two options.
1/. update the JSCOMPOSER newer version at least 4.4.18
2/. edit the following files.
a. Find the file /modules/jscomposer/views/config/config.php and edit it.
b. find a source code similar to this:
c. insert the following code between lines 6 and 7:
if (!isset(Context::getContext()->employee) || !Context::getContext()->employee->isLoggedBack()) {
die(‘forbiden’);
d. look like this
If you still don’t know how to do this, please feel free to contact us via chatbot.
the source comes from
https://www.rolige.com/en/blog/prestashop-tips/security-breach-in-visual-composer-module-solution
Related Post
Enable Time Picking When Setting Specific Price
Deprecated: Function create_function() is deprecated in /opt/lampp/htdocs/genkiware/wp-content/themes/optima/single.php on line 185
Sometime if you browse the category page when you have…
How to Configure OpenEMR Admin Global (Cantonese)
Deprecated: Function create_function() is deprecated in /opt/lampp/htdocs/genkiware/wp-content/themes/optima/single.php on line 185
There are no reviews yet.