Security Issues with qEngine Family

There are some reports about security problems with qEngine & its family (Kemana & Cart Engine). The security problems are as follow:

Administrators can upload harmful files, eg: php, cgi, etc.
Some modules may be run with dangerous parameters (administrators only).
Predictable database back up files.

Problems #1 & #2 are only accessible from administration panels only, so it can't be accessed by guests or regular users (non administrators). Regular users simply can't access the administration panel & can't upload such files. So my advice for these problems is to give administrators access to trusted people only (which you should have been done in the first place, btw). If you are the only administrator in your site, you are very safe.

And for problem #3, my advice is to rename the database backup files in /admin/backup folder. Or better yet, delete the files after you have downloaded them.

These problems will be fixed in the future releases.

If you have any questions about these problems, don't hestitate to contact me.

Posted On: Mar-21-2014 @ 09:15pm

Last Updated: Mar-23-2014 @ 02:36pm

There is no comment. Why not be the first?

More Comments/Post Your Own

Blogs

Latest Comments

Guest on qEngine 17 Now Available with BootStrap 4
“Looks Good!” - Aug 02
martynripley89 on Security Issues with qEngine Family
“cyberSecure” - Jun 27
Guest on Forum
“re:BB code or html in item_details” - Jun 26
Guest on Forum
“BB code or html in item_details” - Jun 26
Guest on Forum
“noFollow links.” - Jun 19

Online Users

There are 29 users online.

Connect

Connect with us on Facebook

Subscribe to our newsletter for the latest updates and exciting promotions!

Security Issues with qEngine Family

There is no comment. Why not be the first?

Blogs

Latest Comments

Most Commented

Online Users

Connect

Newsletter

Tools

Pages

C97net • Free PHP Directory Script & Online Shopping Cart

Powered By