User Information Breech!!

EzGenerator V4 forum

Return to “Ezgenerator v4 Customer Forum”

[You can only see part of this thread as you are not logged in to the forums]
hottopik
Tue Apr 30, 2019 3:27 pm

x

User Information Breech!!

Please fix this error in ezgen shop.php.

Create user profile template then use, %myorders%

User can right click open in new window

http://mysite.com/shop.php?action=order&id=18

User can use 18, 19, 20, 21, 22

To access all “order data” which also displays “customer” data of other customers. That means email, address and personal information.

This is a information breech. User should only be able to access their own order history.

Pavel level access is visitor.



Note: I can visit any website built with ezgen and I can access their customer history. All I have to do is use orderId and visit their website.

tpir72
Thu Oct 24, 2019 7:53 pm

x

Re: User Information Breech!!

Recommend that you switch to Sitelok for member...


Return to “Ezgenerator v4 Customer Forum”