Hi,I have the webmail add-on disabled on my store, despite this, I got an automated message from my server last night saying that a new script is now running;
/public_html/addons/webmail/lib/webmail/web/admin/index.php:0: /home/cscrush/public_html/addons/webmail/lib/webmail/web/admin/index.php:1: <?php header('Location: ../mailadm.php'); ?>/public_html/addons/webmail/lib/webmail/web/admin/index.php:2: —
Given that the webmail directory might provide a vulnerability and that I don’t use it, can simply delete the whole directory to be on the safe side?
Thanks,
Scott.
Hello Scott,
Thank you for your message.
Yes, you can remove this directory and its contents if you are not planning to use the “Webmail” add-on.
As regards the fact that the PHP script was running on your server, it is the default functionality that this add-on works by executing the appropriate script from the “addons/webmail/lib/webmail/web/admin” directory of your CS-Cart installation by a direct URL. But you should not worry about it as long as long as this script can be executed properly only if the “Webmail” add-on is enabled and you have an active session in the administration panel.
—
Pavel Zyukin
CS-Cart Support team
Hi Pavel, I appreciate your reply, thanks!
Hello Scott,
You are welcome.
—
Pavel Zyukin
CS-Cart Support team