June 01 2017

HikaShop 3.1.1, a security release, is out. It addresses a security issue reported on the Business edition. Read more about the specifics here.

Today, a security issue was reported to us. The issue is a SQL injection, which is possible if you have configured a sort filter via the menu Display>Filters and activated it on your website. This is only possible with the Business edition, so HikaShop Essential and HikaShop Starter are not affected.

We've immediately released a new version of HikaShop, 3.1.1, which contains the fix for this issue along with a few other fixes. You can read the change log on this page.

If for some reason you can't update your HikaShop Business, you can replace the code:

$type = $infos[0];
with:
$type = hikashop_secureField($infos[0]);
in the file administrator/components/com_hikashop/classes/filter.php
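
The one-line change above passes the request-derived value through a field-sanitizing helper before it is used. The PHP sketch below is an added illustration of the kind of check such a helper performs; it is not HikaShop's code and not the implementation of hikashop_secureField. The names secure_sort_field and build_order_by, the use of the value in an ORDER BY clause, and the "field--direction" input format are assumptions.

```php
<?php
// Added illustration; NOT HikaShop's hikashop_secureField().
// Hypothetical helper: accept only characters that can appear in a plain
// column identifier, so the value cannot break out of an ORDER BY clause.
function secure_sort_field($name): string
{
    if (!is_string($name) || !preg_match('/^[A-Za-z0-9_.]{1,64}$/D', $name)) {
        throw new InvalidArgumentException('rejected sort field');
    }
    return $name;
}

// Hypothetical query builder: identifiers cannot be bound as parameters,
// so the column is validated and the direction is mapped to a fixed keyword.
function build_order_by(array $infos): string
{
    $type = secure_sort_field($infos[0] ?? null);
    $dir  = (strtolower((string)($infos[1] ?? 'asc')) === 'desc') ? 'DESC' : 'ASC';
    return ' ORDER BY ' . $type . ' ' . $dir;
}

// Constructed sample inputs, assumed to arrive as "field--direction" values.
$samples = [
    'product_price--desc',
    'b.product_name--asc',
    'product_price, (SELECT 1)--asc',  // extra SQL after the column name
    "product_name\n",                  // trailing newline; /D keeps $ from matching before it
];

foreach ($samples as $raw) {
    $infos = explode('--', $raw);
    try {
        echo json_encode($raw), ' => ', build_order_by($infos), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($raw), ' => ', $e->getMessage(), PHP_EOL;
    }
}
```

The first two samples produce an ORDER BY clause; the last two are rejected before any SQL is built.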

Keep in touch, folks.
Team HikaShop