Any questions about Documents Sellers, post it here.

DM Orders Component 'id' Parameter SQL Vulnerabili

14 years 1 month ago #2439 by Alan
Hi,

I did send a message to you via your contact form on the site and never got a reply. Can you please give me the status update of the following issue:

Joomla! DM Orders Component 'id' Parameter SQL Injection Vulnerability

The DM Orders component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Link to this issue can be found here:
www.securityfocus.com/bid/37655/exploit

Using my Google Analytics account, it is showing me that people are using google.com to search for:

inurl:com_dm_orders

or

inurl:"com_dm_orders"

The result is that the people that come to my site using this search term are spending over 1 hour on my site, yet they are not buying any items, so this is a very big worry.

Have you come across this before, do you have a solution?

My site is: www.releasedailystress.com and my site does come up on google.com page 3. Please advise.

Best regards
Alan

Regards
Alan

14 years 1 month ago #2440 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Re:DM Orders Component 'id' Parameter SQL Vulnerabili
Hi
I am sorry, I didn't receive your email before. Sometimes the contact form does not work because of some problem with our mail server. I will move my site to a new hosting server soon. (I usually reply to contact emails or forum posts as soon as I receive them.)

Regarding the issue, I addressed it a long time ago (more than one month ago) and released version 2.2. Please note that this issue is with the Docman Seller component, not with the Documents Seller component. You can send an email to contact@joomservices.com, and I will send you version 2.2 of Docman Seller.

Since we are now focused on developing new features for Documents Seller, not much for Docman Seller, you should upgrade from Docman Seller to Documents Seller. Documents Seller has a migration tool to migrate from Docman Seller into Documents Seller and has many more advanced features compared to Docman Seller.

Anyway, just send us an email to contact@joomservices.com and let us know the email you used to purchase the extension, and we will send you version 2.2 of Docman Seller.

Thanks,
Tuan
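
For site owners in the situation described in this thread, one way to check an access log for probing of the `id` parameter of `com_dm_orders` and for visitors arriving from the `inurl:` search. This is an added example, not part of either post or of the component's code; it assumes the combined log format, that a legitimate `id` is a plain integer, and that the search referrer carries the query in `q`, and the names `classify` and `scan` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/Nginx "combined" log format is assumed; adjust the pattern to your server.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)
COMPONENT = "com_dm_orders"          # component name from the advisory title
PLAIN_ID = re.compile(r"[0-9]+")     # assumption: a legitimate id is a plain integer


def classify(line):
    """Return (client_ip, findings) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    findings = set()
    query = parse_qs(urlsplit(m["url"]).query, keep_blank_values=True)
    if COMPONENT in query.get("option", []):
        if any(not PLAIN_ID.fullmatch(v) for v in query.get("id", [])):
            findings.add("non_numeric_id")
    searches = parse_qs(urlsplit(m["referer"]).query).get("q", [])
    if any("inurl:" in q.lower() and COMPONENT in q.lower() for q in searches):
        findings.add("dork_referrer")
    return m["ip"], findings


def scan(lines):
    """Map client IP -> union of findings over all of its requests."""
    report = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            report.setdefault(parsed[0], set()).update(parsed[1])
    return report


# Constructed sample lines (documentation IP ranges, made-up ids), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Jan/2010:10:00:00 +0000] "GET /index.php?option=com_dm_orders&id=12 HTTP/1.1" 200 5120 "http://www.google.com/search?q=inurl%3Acom_dm_orders" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jan/2010:10:00:09 +0000] "GET /index.php?option=com_dm_orders&id=12%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2010:10:02:00 +0000] "GET /index.php?option=com_dm_orders&id=7 HTTP/1.1" 200 5093 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2010:10:03:00 +0000] "GET /index.php?option=com_content&id=3%27 HTTP/1.1" 200 4410 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE).items():
        print(ip, sorted(findings))
```

A client that shows both findings arrived from the search and then sent a non-integer `id`; requests to other components are ignored.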