Please fix this error in ezgen shop.php.
Create user profile template then use, %myorders%
User can right click open in new window
User can use 18, 19, 20, 21, 22
To access all “order data” which also displays “customer” data of other customers. That means email, address and personal information.
This is a information breech. User should only be able to access their own order history.
Pavel level access is visitor.
Note: I can visit any website built with ezgen and I can access their customer history. All I have to do is use orderId and visit their website.
EzGenerator V4 forum
2 posts • Page 1 of 1
[You can only see part of this thread as you are not logged in to the forums]