Jump to content
thirty bees forum

WBNet-Wout

Trusted Members
  • Posts

    3
  • Joined

  • Last visited

WBNet-Wout's Achievements

Newbie

Newbie (1/14)

  • One Month Later
  • Week One Done
  • First Post
  • Conversation Starter

Recent Badges

0

Reputation

  1. PrestaShop has now made a patch available to fix the vulnerability: https://github.com/PrestaShop/PrestaShop/commit/f342765697f5f980e4c6bb537f6575bf5e657077
  2. @musicmaster: I do not think so. https://github.com/PrestaShop/blockwishlist/commit/be79516175d564f60a657627482b0a60c3da353e seems to be the commit fixing it, but that file does not even exist in the thirty bees module. @datakick: The PrestaShop article however mentions that the attacker is able to enable using MySQL Smarty cache storage features remotely and that is why they recommend removing those lines, so that if the attacker enables it remotely it will not actually be enabled due to lacking the code for that. Unfortunately there does not seem to be any detail on how the attacker is able to enable it remotely.
×
×
  • Create New...