Phoca Forum

Support for Phoca Extensions
https://www.phoca.cz/forum/

Security Issues VM IDnR Addon

https://www.phoca.cz/forum/viewtopic.php?t=20572

Page 1 of 1

Security Issues VM IDnR Addon

Posted: 27 Jul 2012, 18:38
by smedi08
Hi, I detect that all user have acces to this URL

ndex.php?option=com_phocapdf&view=pdf&format=phocapdf&tmpl=component&type=invoice&order_id=238&delivery_id=98, change order_id the user have grant access to order data and confidencial personal data.

I consider this issue very important. I have desactivate the plugin, have this issue solution....

Is very dangerous for all customer using this component

Re: Security Issues VM IDnR Addon

Posted: 11 Aug 2012, 19:05
by Jan
Hi, thank you for this info, fixed in version 1.0.2 (plugin version, just update it)
https://www.phoca.cz/download/category/4 ... art-plugin
Jan

Re: Security Issues VM IDnR Addon

Posted: 28 Sep 2012, 20:41
by smedi08
Hi, the problem is solved but any i have a news issues.
The admin can´t view the invoice from backend and not automatic invoice on change status order is generated
The config in the componet has changed....i don´t modified the email text sent to customer this option not appear
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited