Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Sql Injection Vulnerability In Alexbranding `product Of The Day` Rate Topic   - - - - -

 
  • harmsmitsdev
  • Advanced Member
  • Members
  • Join Date: 22-Feb 20
  • 64 posts

Posted 19 October 2020 - 12:44 PM #1

Hello,

 

About one and a half week ago, an SQL injection vulnerability located in the `Product of the Day` add-on caught my attention. Since then, the according changes have been made to the `Product of the Day` add-on from AlexBranding. Therefore, it is of the utmost importance that you update the `Product of the Day` addon.

 

My research has shown that this vulnerability has been present since at least version 1.4, therefore all those affected are urged to either disable/update the addon or contact AlexBranding at the earliest convenience.

 

Exploit details and research will be published later next month to give all those affected a fair chance at patching their vulnerable software.

 

Kind regards,



 
  • alexbranding
  • Junior Member
  • Authorized Reseller
  • Join Date: 22-Aug 10
  • 1191 posts

Posted 28 October 2020 - 10:29 AM #2

Hi, we will publish a solution for users with old and non updated versions of add-on.

Thank you for your your unrivaled motivation in this question.


Alexbranding = best seo addons and themes for cs-cart