Security Issues VM IDnR Addon

Before you ask about IDnR Addon see the VirtueMart - Invoice, Delivery Note and Receipt Addon
smedi08
Phoca Newbie
Phoca Newbie
Posts: 3
Joined: 04 Jan 2012, 00:50

Security Issues VM IDnR Addon

Post by smedi08 »

Hi, I detect that all user have acces to this URL

ndex.php?option=com_phocapdf&view=pdf&format=phocapdf&tmpl=component&type=invoice&order_id=238&delivery_id=98, change order_id the user have grant access to order data and confidencial personal data.

I consider this issue very important. I have desactivate the plugin, have this issue solution....

Is very dangerous for all customer using this component
User avatar
Jan
Phoca Hero
Phoca Hero
Posts: 48403
Joined: 10 Nov 2007, 18:23
Location: Czech Republic
Contact:

Re: Security Issues VM IDnR Addon

Post by Jan »

Hi, thank you for this info, fixed in version 1.0.2 (plugin version, just update it)
https://www.phoca.cz/download/category/4 ... art-plugin
Jan
If you find Phoca extensions useful, please support the project
smedi08
Phoca Newbie
Phoca Newbie
Posts: 3
Joined: 04 Jan 2012, 00:50

Re: Security Issues VM IDnR Addon

Post by smedi08 »

Hi, the problem is solved but any i have a news issues.
The admin can´t view the invoice from backend and not automatic invoice on change status order is generated
The config in the componet has changed....i don´t modified the email text sent to customer this option not appear
Post Reply