Hi, I detected that all users have access to this URL:
index.php?option=com_phocapdf&view=pdf&format=phocapdf&tmpl=component&type=invoice&order_id=238&delivery_id=98. By changing order_id, the user is granted access to order data and confidential personal data.
I consider this issue very important. I have deactivated the plugin. Is there a solution for this issue?
It is very dangerous for all customers using this component.
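A defender-side check for the exposure reported above, as an added example that is not part of the original post or of Phoca's code: it scans web-server access logs for clients that successfully fetched invoices for several different order_id values through the com_phocapdf URL. The log lines, IP addresses and the threshold of two distinct orders per client are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Apache combined-style); IPs are documentation ranges.
_URL = ("/index.php?option=com_phocapdf&view=pdf&format=phocapdf&tmpl=component"
        "&type=invoice&order_id={}&delivery_id=98")

def _line(ip, path, status):
    return f'{ip} - - [04/Jan/2012:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512'

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", _URL.format(238), 200)]            # one invoice only
    + [_line("198.51.100.23", _URL.format(n), 200)           # walks order_id values
       for n in (236, 237, 238, 239)]
    + [_line("192.0.2.10", _URL.format(240), 403)]           # request was denied
    + [_line("192.0.2.10", "/index.php?option=com_content&id=5", 200)]  # unrelated
)

REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def invoice_order_ids(log_text):
    """Map client IP -> set of order_id values served (HTTP 200) as PDF invoices."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        query = parse_qs(urlsplit(target).query)
        if (status == "200"
                and query.get("option") == ["com_phocapdf"]
                and query.get("type") == ["invoice"]
                and "order_id" in query):
            seen[ip].update(query["order_id"])
    return seen

def suspicious_clients(log_text, max_orders=2):
    """Clients that fetched more distinct invoices than max_orders (assumed threshold)."""
    return {ip: sorted(ids)
            for ip, ids in invoice_order_ids(log_text).items()
            if len(ids) > max_orders}

if __name__ == "__main__":
    for ip, ids in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip} fetched invoices for order_id {', '.join(ids)}")
```

A count per IP is only a first filter; each flagged order_id still has to be compared with the customer who owns that order in the shop database.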
Security Issues VM IDnR Addon
- Jan
- Phoca Hero
- Posts: 48386
- Joined: 10 Nov 2007, 18:23
- Location: Czech Republic
Re: Security Issues VM IDnR Addon
Hi, thank you for this info, fixed in version 1.0.2 (plugin version, just update it)
https://www.phoca.cz/download/category/4 ... art-plugin
Jan
-
- Phoca Newbie
- Posts: 3
- Joined: 04 Jan 2012, 00:50
Re: Security Issues VM IDnR Addon
Hi, the problem is solved, but now I have some new issues.
The admin can't view the invoice from the backend, and no automatic invoice is generated when the order status changes.
The config in the component has changed... I can't modify the email text sent to the customer; this option does not appear.