June 01 2017

A security release, HikaShop 3.1.1 was released for a security issue reported on the Business edition. Read more about the specifics here

Today, a security issue was reported to us. The issue is a SQL injection which is possible if you have configured a sort filter via the menu Display>Filters and activated it on your website. This is only possible with the Business edition so HikaShop Essential and HikaShop Starter are not concerned.

We've immediately released a new version of HikaShop, the 3.1.1, which contains the fix for that among a few other fixes. You can read the change log on this page.

If, for some reason you can't update your HikaShop Business, you can replace the code:

$type = $infos[0];
$type = hikashop_secureField($infos[0]);
in the file administrator/components/com_hikashop/classes/filter.php

Keep in touch folks.
Team HikaShop