Users account details populating other users forms

 
  • niddocks
  • Junior Member
  • Members
  • Join Date: 07-Nov 07
  • 29 posts

Posted 04 September 2012 - 12:25 PM #1

One of our clients' shops running cs-cart 1.3.5 sp4 is having some issues with unintentionally sharing user data.

3 users in the last 6 days have phoned up the owners of the store as they have a pre-populated address details form with a random user's address details from the cscart_user_profiles table after clicking to checkout (the populated user account is not the same in any of the 3 occurrences).

One of the users also reported her basket being pre-populated once she added her first item, e.g. she added an item and then her basket said she had 8 items and they were all random. We assume somehow she has managed to get another user's basket from the database somehow. This is based on the user data that populated her address details form having the same user id as a stored session product for the item that the lady ordered. I.e. the product she ordered was stored in the database under another user's account. This other user's account details were used when the lady began to checkout.

This is obviously a big issue as users are losing faith in the store when they see that their details may not be secure. We have not been able to trace the reason this is happening. Has this happened before and what is the fix?

Upgrading the store is not within the client's budget at this time, so please only post if you have a fix for this issue in 1.3.5 rather than suggesting an upgrade.