User Information Breech!!

EzGenerator V4 forum

Return to “Ezgenerator v4 Customer Forum”

[You can only see part of this thread as you are not logged in to the forums]
Tue Apr 30, 2019 3:27 pm

0 x

User Information Breech!!

Please fix this error in ezgen shop.php.

Create user profile template then use, %myorders%

User can right click open in new window

User can use 18, 19, 20, 21, 22

To access all “order data” which also displays “customer” data of other customers. That means email, address and personal information.

This is a information breech. User should only be able to access their own order history.

Pavel level access is visitor.

Note: I can visit any website built with ezgen and I can access their customer history. All I have to do is use orderId and visit their website.

Return to “Ezgenerator v4 Customer Forum”