Security Issues with qEngine Family

There are some reports about security problems with qEngine & its family (Kemana & Cart Engine). The security problems are as follows:

  1. Administrators can upload harmful files, e.g. php, cgi, etc.
  2. Some modules may be run with dangerous parameters (administrators only).
  3. Predictable database backup files.

Problems #1 & #2 can be reached only from the administration panel, so guests and regular users (non-administrators) cannot trigger them. Regular users simply can't access the administration panel & can't upload such files. So my advice for these problems is to give administrator access to trusted people only (which you should have done in the first place, btw). If you are the only administrator on your site, you are very safe.

And for problem #3, my advice is to rename the database backup files in the /admin/backup folder. Or better yet, delete the files after you have downloaded them.
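One way to do the rename in bulk, as an added example (not part of qEngine and not code from this post): a POSIX shell function that gives every file in the backup folder a random 128-bit name. The directory argument, the function names and the choice to leave any index.* placeholder file untouched are assumptions of this example.

```shell
#!/bin/sh
# Added example (not qEngine code): give every backup file an unguessable name.
# Assumption: the argument is your site's admin/backup directory.

# Print 32 hex characters (128 bits) read from the kernel CSPRNG.
rand_token() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Rename each regular file in "$1" to <token><original extension>.
# Prints "old -> new" per file; returns non-zero if the directory is
# missing or any rename fails.
randomize_backups() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    status=0
    for f in "$dir"/*; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            continue                    # skip symlinks, subdirectories, empty glob
        fi
        base=${f##*/}
        case $base in
            index.*) continue ;;        # assumption: keep any index placeholder file
        esac
        case $base in
            *.*) ext=.${base##*.} ;;    # keep the last extension, e.g. ".sql"
            *)   ext= ;;
        esac
        new=$(rand_token)$ext
        if [ -e "$dir/$new" ] || ! mv -- "$f" "$dir/$new"; then
            echo "could not rename $base" >&2
            status=1
            continue
        fi
        echo "$base -> $new"
    done
    return "$status"
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    randomize_backups "$1"
fi
```

Renaming only helps while the web server does not list the folder's contents; deleting the files after download, as advised above, removes the exposure entirely.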

These problems will be fixed in future releases.

If you have any questions about these problems, don't hesitate to contact me.


Posted On: Mar-21-2014 @ 09:15pm
Last Updated: Mar-23-2014 @ 02:36pm