[VIM] vendor ack for "mambo-phphop Product Scroller Module R.F.I"
jericho at attrition.org
Thu Aug 24 05:50:56 EDT 2006
: which became
Maybe I jumped the gun here =)
First, looking at the files listed in the disclosure vs the files
available in the full VirtueMart package:
We see the files from the advisory in the various sub packages. So looks
like we have the product in question. Now..
: mambo-phpShop Security Alert
: Monday, 21 August 2006
: This is a security alert for all mambo-phpShop users. If you are still using
: mambo-phpShop at an older version than "mambo-phpShop 1.2-stable", your
: webshop is at a security risk.
: Please note that VirtueMart is not affected by this security issue.
and farther down that i didnt quote originally:
There's an easy fix for this problem:
Find the file
/administrator/components/com_phpshop/toolbar.phpshop.html.php and add
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not
and throw in this part:
This security issue is was first discovered by mambo-phpShop users on
August 19 / 20 and is still not made public, so you have still time to
fix your installation.
so it appears this is a seperate issue completely
More information about the VIM