2. Security
  3. Security Issues with qEngine Family

Security Issues with qEngine Family

There are some reports about security problems with qEngine & its family (Kemana & Cart Engine). The security problems are as follow:

  1. Administrators can upload harmful files, eg: php, cgi, etc.
  2. Some modules may be run with dangerous parameters (administrators only).
  3. Predictable database back up files.

Problems #1 & #2 are only accessible from administration panels only, so it can't be accessed by guests or regular users (non administrators). Regular users simply can't access the administration panel & can't upload such files. So my advice for these problems is to give administrators access to trusted people only (which you should have been done in the first place, btw). If you are the only administrator in your site, you are very safe.

And for problem #3, my advice is to rename the database backup files in /admin/backup folder. Or better yet, delete the files after you have downloaded them.

These problems will be fixed in the future releases.

If you have any questions about these problems, don't hestitate to contact me.

Posted On: Mar-21-2014 @ 09:15pm
Last Updated: Mar-23-2014 @ 02:36pm

There is no comment. Why not be the first?

More Comments/Post Your Own

Advertisement

Blogs

Latest Comments

  • Guest on Forum
    “noFollow links.” - Jun 19
  • username on Forum
    “Sponsor or Premium user” - Jun 14
  • on Forum
    “Template https://www.website.com/skins/_common/section.tpl not found! contact webmaster” - Feb 24
  • admin on 01. Administration Panel
    “Untitled” - Jan 24
  • on 01. Administration Panel
    “Can't Login to Admin” - Jan 23

Most Commented

Online Users

There are 151 users online.

Connect

Connect with us on Facebook

Newsletter

Subscribe to our newsletter for the latest updates and exciting promotions!