Currently I'm using CS Cart MV 4.8.1.SP1.
Recently, I had user who signed up to store with following information:
file_get_contents test;@gmail.com
That user logged in several times to store and I think that person is trying to SQL inject into CS Cart.
When I checked the log, the IP address is coming from Hong Kong.
Should I be concerned regarding the security issues on CS Cart?
Can you let me know if there's security flaw on CS Cart that this type things would cause security issues?
Good day. Please contact CS-Cart team and provide them with full logs. This is community forum and I am not sure if someone can help you here
Hello,
As far as I can see eval or similar functions are not used on usernames, hence this wouldnt be a security risk. You can always ask CS-Cart this question, provided you give them access to the required information. Next time, please dont use a misleading title like this, this indicates you have a 'urgent security risk' instead of a 'possible security risk', see how that changes the enitre meaning of your post?
Kind regards,
Even if it were eval'd, it would generate syntax error