Looks like you have to explain it in more detail to them. It's to be expected when reporting security vulnerabilities, some will just ignore them, others will just dismiss the possibility, others will say they will fix and then do nothing, some will even get abusive.

websiteworld wrote: ↑Sat Mar 22, 2025 8:14 pm
Developer claims there isn't an issue as noted here. :-0
See attached.
Also, do share where the part of the code under discussion is.
Got a burning question at 3 AM that even Google shrugs at? There’s a not-so-secret inbox that might just have your answer: khnaz35@gmail.com
Breathe in some nature while you're at it. It’s cheaper than therapy.
Feel free to sling a bear my way via PayPal @ khnaz35@gmail.com
The code is discussed on page 1, several people said it's vulnerable to attack.
I think all that was a diversionary tactic. The file impacted was called seo_url.php, and it was created by their extension. The file is gone now that the review extension is removed.
They contradicted themselves in another post as well.
Not useless at all. You SHOULD NOT be running a live ecommerce website on an unmanaged server if you don't understand the basics of server administration and server security.

websiteworld wrote: ↑Fri Mar 21, 2025 11:06 pm
These kinds of comments are useless. Nothing happened on the server, the attempt failed and was easily mitigated. As other helpful users pointed out, this is an issue with an add on or Journal Theme and the code needs revised! Thanks to those who pointed this out, will report the bug.

paulfeakins wrote: ↑Thu Mar 20, 2025 8:28 pm
You really shouldn't be running a live web server on an ecommerce site if you don't know how to protect against this sort of thing.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
Here is a print screen with the fix code which we already applied to the module file:
https://prnt.sc/D1ZyFTVMra2f
Thank you
Who knows, the developer vehemently denied there was any vulnerability despite citing this thread. We simply removed the extension and files from the server. Problem solved.
I'll mark [SOLVED] then.