Few attributes in Product setting making system vulnurable

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Total Posts: 2
Karma: 10
Joined: 5/17/2019
Location: India

Posted: 4 years ago

create a test product - on Products page in Admin area, click on settings tab- Access Control List and Customer Roles attributes are present in Product Settings - I do not think This is not required here to be made configurable by vendor / non admin user.
Hackers can write a plugin related to product functionalities and access these attributes to overwrite the customer roles setting to Admin or other privileged accounts.
As far as I understand, these 2 attributes should be removed to be configurable in product settings.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Still have questions or need help?

. Premium support services . Get dedicated support from the nopCommerce team with a guaranteed response within 24 hours.

. Online course for developers . Get the practical and technical skills you need to run and customize nopCommerce websites.