|
Hello Visitor,
A vulnerability was discovered in HikaShop with the order edition interface of the backend. It would allow unauthorized access to the data in the database. Note that this requires the attacker to have already a backend access to your Joomla and to the order management area of HikaShop.
Also, this vulnerability was introduced with the addition of the payment methods restriction of custom fields in HikaShop 4.4.1, so prior versions of HikaShop are not concerned.
We published a new version of HikaShop, the 4.7.3 which includes several patchs to prevent this attack, so please update your HikaShop to the latest version.
|
|