Audit shows suspect or malicious content in files

8 years 11 months ago #80781 by jr
I write to ask whether certain lines in Membership Pro files are security concerns.

We performed a security audit on our site, chigov.com, using the myjoomla.com service.

The audit flagged the files I've listed below as having suspicious content on the lines shown.

Please let me know whether this content does, in fact, belong in the files.

/components/com_osmembership/tcpdf/CHANGELOG.TXT

Line 2023:
PHARMA : PHARMACODE

Line 2024:
PHARMA2T : PHARMACODE TWO-TRACKS

/components/com_osmembership/tcpdf/README.TXT
Line 40:
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93, USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits UPC-Based Extension, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET, RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code), KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode, USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS, Datamatrix, QR-Code, PDF417;

/plugins/osmembership/script/script.php

Line 72:
eval($script);

Line 98:
eval($script);

Line 124:
eval($script);

/libraries/omnipay/vendor/symfony/http-foundation/ServerBag.php

Line 57:
* RewriteRule ^(.*)$ app.php [QSA,L]


8 years 11 months ago #80804 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic Audit shows suspect or malicious content in files
Hi

You don't have to worry about these files. They are part of two very popular libraries for PHP:

1. The first one is TCPDF ( www.tcpdf.org/ ), which is used in Membership Pro for generating PDF invoices.

2. The second one is part of the Symfony framework ( symfony.com/ ), which is used by the Omnipay payment API ( omnipay.thephpleague.com/ ) for processing payments in Membership Pro.

3. The final one is an eval command in the script plugin, which is used to execute the PHP script that you might want to run when someone subscribes to your subscription plans ( membershipprodoc.joomservices.com/miscel...lugins/script-plugin ).

So, in short, these files are safe to use.

Regards,

Tuan

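The reply above answers by provenance: the flagged lines belong to TCPDF, Symfony and the extension's own script plugin. A site owner can confirm that for themselves rather than take it on trust: hash each flagged file and compare it with the same path in a clean copy of the upstream package, and list every eval( call under the site so the only ones present are the ones the vendor said to expect. The script below is an added example and is not code from the thread, from Membership Pro or from the myjoomla.com scanner. The relative paths are the ones listed in the first post; the file contents, the temporary site and reference trees, and the deliberately altered README.TXT are constructed for the demo. To use it for real, point compare_with_reference at the Joomla root and at a directory holding the unpacked upstream release of the library.

```python
"""Verify scanner-flagged files against a known-good reference copy.

Added example (not from the forum thread or from Membership Pro). All paths,
file contents and the two directory trees are constructed for the demo.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Plain text match for eval( ; also hits comments and strings, which is the
# conservative choice for an audit.
EVAL_RE = re.compile(r"\beval\s*\(")


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 digest of a file's contents."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_with_reference(site_root, ref_root, rel_paths):
    """Classify each flagged file as 'match', 'differs' or 'not_in_reference'.

    'match' means the bytes are identical to the upstream file, so the
    flagged line is stock library content. 'differs' means someone changed
    the file. 'not_in_reference' means the upstream package has no such
    file (for example the extension's own plugin), so the hash cannot vouch
    for it and it has to be read by hand.
    """
    site_root, ref_root = Path(site_root), Path(ref_root)
    verdicts = {}
    for rel in rel_paths:
        site_file, ref_file = site_root / rel, ref_root / rel
        if not ref_file.is_file():
            verdicts[rel] = "not_in_reference"
        elif sha256_of(site_file) == sha256_of(ref_file):
            verdicts[rel] = "match"
        else:
            verdicts[rel] = "differs"
    return verdicts


def find_eval_calls(root, suffix=".php"):
    """Return sorted (relative path, line number) pairs for every eval( call."""
    root = Path(root)
    hits = []
    for path in root.rglob(f"*{suffix}"):
        with path.open("r", encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if EVAL_RE.search(line):
                    hits.append((path.relative_to(root).as_posix(), lineno))
    return sorted(hits)


def build_demo_trees():
    """Create constructed 'site' and 'reference' trees in a temp dir."""
    tmp = Path(tempfile.mkdtemp())
    site, ref = tmp / "site", tmp / "reference"
    stock = {
        # Library files present and identical in both trees (constructed bodies).
        "components/com_osmembership/tcpdf/CHANGELOG.TXT": "PHARMA : PHARMACODE\n",
        "libraries/omnipay/vendor/symfony/http-foundation/ServerBag.php":
            "<?php\n/* RewriteRule ^(.*)$ app.php [QSA,L] */\nclass ServerBag {}\n",
    }
    for rel, body in stock.items():
        for base in (site, ref):
            (base / rel).parent.mkdir(parents=True, exist_ok=True)
            (base / rel).write_text(body)
    # The extension's own plugin: exists only on the site and calls eval.
    plugin = site / "plugins/osmembership/script/script.php"
    plugin.parent.mkdir(parents=True, exist_ok=True)
    plugin.write_text("<?php\n$script = $this->params->get('script');\neval($script);\n")
    # A file whose site copy no longer matches upstream (benign edit, for the demo).
    readme = "components/com_osmembership/tcpdf/README.TXT"
    (ref / readme).write_text("* 1D and 2D barcodes: CODE 39, QR-Code, PDF417;\n")
    (site / readme).write_text("* 1D and 2D barcodes: CODE 39, QR-Code;\n")
    return site, ref


def run_demo():
    """Run both checks over the constructed trees and return their results."""
    site, ref = build_demo_trees()
    flagged = [
        "components/com_osmembership/tcpdf/CHANGELOG.TXT",
        "components/com_osmembership/tcpdf/README.TXT",
        "libraries/omnipay/vendor/symfony/http-foundation/ServerBag.php",
        "plugins/osmembership/script/script.php",
    ]
    return compare_with_reference(site, ref, flagged), find_eval_calls(site)


if __name__ == "__main__":
    verdicts, evals = run_demo()
    for rel, verdict in verdicts.items():
        print(f"{verdict:17} {rel}")
    for rel, lineno in evals:
        print(f"eval at {rel}:{lineno}")
```

Two of the three outcomes are decisive: a "match" settles the question for a library file, and a "differs" means the file needs to be diffed line by line against upstream before the site is declared clean. The script plugin lands in "not_in_reference" because it is not an upstream file at all; for it the eval check is the relevant one, and what it executes is whatever PHP is stored in the plugin's parameters, so the people allowed to edit those parameters are the ones who can run code on the site.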