Server CXS Scan - file found

9 months 1 week ago #293830

-- url of the page with the problem -- : divorcetoolbox.com
-- HikaShop version -- : 3.4.0
-- HikaSerial version -- : 2.1.1
-- Joomla version -- : 3.8.8
-- PHP version -- : 7.2.6
-- Browser(s) name and version -- : various - updated

I got an email today from my server CXS scanner.

'/home/divotlbx/public_html/administrator/components/com_hikaserial/inc/tcpdf/include/tcpdf_fonts.php'
Regular expression match = [symlink\s*\(]

I looked at the file and it is referring to this line:
symlink($fontfile, $outpath.$fmetric['file']);

I don't see any 'actual' hacking so is this a false positive result?


  • MODERATOR
9 months 1 week ago #293832

Hello,

The file is part of the TCPDF lib; it is not part of HikaSerial.
But during the packaging of the lib into HikaSerial, the basic Joomla security is added, so the file cannot be included directly.

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.
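
One way to triage this kind of CXS hit, added here as an example (not code from HikaSerial, TCPDF or CXS): it reruns the quoted regular expression over a PHP source and checks whether the file opens with Joomla's `defined('_JEXEC') or die` direct-access guard. That this guard is the "Joomla security" the reply means is an assumption, and both sample sources are constructed.

```python
import re

# Pattern exactly as quoted in the CXS e-mail.
CXS_PATTERN = re.compile(r"symlink\s*\(")
# Assumption: the packaging adds Joomla's usual guard, defined('_JEXEC') or die.
JEXEC_GUARD = re.compile(
    r"\s*defined\s*\(\s*['\"]_JEXEC['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
# Opening tag and comments that may legitimately precede the guard.
LEADING = re.compile(r"\s*(?:<\?php\b|/\*.*?\*/|//[^\n]*|#[^\n]*)", re.S)


def scanner_hits(source):
    """Return (line number, stripped line) for every line the CXS regex matches."""
    return [(n, line.strip()) for n, line in enumerate(source.splitlines(), 1)
            if CXS_PATTERN.search(line)]


def guarded(source):
    """True when the first statement of the file is the _JEXEC guard."""
    pos = 0
    while (m := LEADING.match(source, pos)):
        pos = m.end()
    return JEXEC_GUARD.match(source, pos) is not None


def triage(source):
    """Summarise a flagged file: where the regex fired and whether it is guarded."""
    return {"hits": scanner_hits(source), "guarded": guarded(source)}


# Constructed sample: a guarded library file containing the line from the post.
SAMPLE_GUARDED = """<?php
/* constructed sample, not the real tcpdf_fonts.php */
defined('_JEXEC') or die('Restricted access');
class Fonts {
    function add($fontfile, $outpath, $fmetric) {
        symlink($fontfile, $outpath.$fmetric['file']);
    }
}
"""
# Constructed sample: same call with no guard; the space shows \s* matching.
SAMPLE_BARE = "<?php\nsymlink ($target, $link);\n"

if __name__ == "__main__":
    for name, src in (("guarded", SAMPLE_GUARDED), ("bare", SAMPLE_BARE)):
        print(name, triage(src))
```

The guard only shows that the file refuses direct requests; it says nothing about whether the file's contents match the upstream library.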
