You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This has already been patched and is available by updating OpenBay Pro directly (not required to update OpenCart).
The bug reports "the bug is more about privilege escalation as attacker may need openbay module access ." - this is true and is extremely unlikely that there is an exploit here as any of this code needs to be passed through authentication of the module by the API token and secret first anyway (unless a merchant wants to run bad code on their own store!).
We do still advise that merchants update versions as they are released anyway.
http://security-geeks.blogspot.com/2014/03/opencart-1561-sql-injection.html
The text was updated successfully, but these errors were encountered: