Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
Anyone got the right codename?
The text was updated successfully, but these errors were encountered:
@gwillem are you asking for the module name?
Sorry, something went wrong.
Indeed! The referenced article is now down, but it's still viewable via Google Cache (and I've made a local copy).
The attack vector is a POST to /index.php/AvisVerifies/dialog/index/, as was reported earlier by @pocallaghan
Cheers. I bet the culprit is in here: https://github.com/madef/Netreviews_Avisverifies/blob/91d89ef77a37c1ec0be171c2b84365d78e3192f4/Helper/API.php#L70
@gwillem I believe there is a new version (v2.14.0), which no longer contains that constructor. https://marketplace.magento.com/netreviews-verifiedreviews.html#product.info.details.release_notes
Netreviews/Avisverifies Security Flaw
Please see https://xn--gran-8qa.fi/magento-1-netreviews-avisverifies-security-flaw/ for the context.
Successfully merging a pull request may close this issue.