This is a discussion on Whos online Vunerability Fix within the New osCommerce Contributions forums, part of the osCommerce 2.2 Forums category; Found a security issue in catalog/includes/functions/whos_online.php line 30: $wo_last_page_url = getenv('REQUEST_URI'); Replace with: $wo_last_page_url = htmlspecialchars(getenv('REQUEST_URI')); This XSS Vulnerability affects ...
Whos online Vunerability Fix Found a security issue in catalog/includes/functions/whos_online.php
line 30:
$wo_last_page_url = getenv('REQUEST_URI');
Replace with:
$wo_last_page_url = htmlspecialchars(getenv('REQUEST_URI'));
This XSS Vulnerability affects the adminpanel->Whos online
a hacker could easily grab your admin cookie.
More...
Michael Sasek
osCMax Developer
osCmax Installation Service - Have our professionals install osCmax on your server - same day service!
osCmax 2.5 User Manual - the must have beginners guide to osCmax v2.5
Stay Up To Date with everything osCMax:
Free osCmax Newsletters - Security notices, New Releases, osCMax News
osCmax on Twitter - Up to the minute info as it happens. Know it first.
osCmax Documentation
Re: Whos online Vunerability Fix Thanks- applied new code. Works fine.
Re: Whos online Vunerability Fix Same here, thank-you Michael
Posting Permissions
LinkBack URL
About LinkBacks
Bookmarks