Malware injection in CSS Custom

  • Resolved atelier129

    (@atelier129)


    6 years, 10 months ago

    Hello,

    I point out a big problem in the module with the possibility of injecting code in the “Custom CSS” zone. For me it caused redirects to other sites.

    I deleted the “Custom CSS” field in the “optionspage.php” file and this solves the problem but it is temporary.

    thank you

Viewing 1 replies (of 1 total)
  • etoilewebdesign

    (@etoilewebdesign)

    6 years, 10 months ago

    Could you please email us at [email protected] with the steps for how to recreate what you did? That field is escaped and sanitized. Additionally, you have to be logged in as an admin to even use that field, so who were you letting use your admin or what kind of strange stuff were you putting in the field?

Viewing 1 replies (of 1 total)

The topic ‘Malware injection in CSS Custom’ is closed to new replies.