A security exploit in CRE Loaded allows anyone to get into the admin area and do a lot of things, such as view confidential information about orders and customers, upload files, etc. An immediate fix is needed in ALL versions of CRE Loaded older than 6.4.1a.
See the screenshot to see how information can be viewed without a username and password.

You can find more details and the fix for the issue at http://www.infotales.com/oscommerce-cre-loaded-security-issue-allows-access-admin-area/
A security exploit in osCommerce allows anyone to get into the admin area and do a lot of things, such as view confidential information about orders and customers, upload files, etc. An immediate fix is needed in ALL versions of osCommerce.
See the screenshot to see how information can be viewed without a username and password.

You can find more details and the fix for the issue at http://www.infotales.com/oscommerce-cre-loaded-security-issue-allows-access-admin-area/
If you are using the standard PayPal payment module and want to use discount coupons, there is an issue that you need to fix. With the default settings, discount coupons will not work with this payment module.
The customer will see the amount deducted on the order confirmation page, but once moved to the checkout page on the PayPal site, the amount is shown without the discount.
I have posted a solution to this issue on my blog; see the post http://www.infotales.com/paypal-payment-module-discount-coupons-problem-cre-loaded/
For more CRE Loaded related fixes see http://www.infotales.com
In my recent post I have mentioned how to track internal site searches on osCommerce and CRE Loaded, to see what people are searching for. The post is at http://www.infotales.com/track-visitor-site-searches-oscommercegoogle-analytics/.
For more CRE Loaded related updates see http://www.infotales.com
Website performance will become an important part of search engine ranking. In my recent post I have mentioned a simple way to improve performance for a site based on CRE Loaded. See my post at http://www.infotales.com/performance-enable-gzip-compression-cre-loaded/.
For more CRE Loaded related posts click here, and for more performance optimization related posts click here.
Just posted a new post on securing the CRE Loaded admin area. The post is available at http://www.infotales.com/hardening-protecting-cre-loaded-admin-area/
The post lists the following simple methods to enhance the security of the admin area.
- Don’t use the default http://mycresite.com/admin/ structure
- Use password protected directories
- Restrict access to specific IPs only
- Use secure user names and passwords
A new bug was found in the payment module “Credit Card UK with CVC”. Due to the bug, the CVV code was missing in the email sent to the admin. For more details and the fix for the bug, see http://www.infotales.com/cvv-bug-fix-credit-card-uk-payment-module/.
For more CRE Loaded related updates please visit http://www.infotales.com/
A High Performance CRE Loaded post has been posted on my new blog. The post shows that A-grade performance can be achieved with CRE Loaded. The post can be seen at http://www.infotales.com/high-performance-cre-loaded-site/.
The post describes how to improve the speed and quality of product search in CRE Loaded. For code and database changes please see http://www.infotales.com/cre-loaded-search-speed-fulltext/
For other CRE Loaded related topics visit http://www.infotales.com/
The post has been moved to the new blog. You can find the fix at http://www.infotales.com/categories-breadcrumb-not-working-cre-loaded-pro/
For more CRE Loaded related tricks and updates please visit http://www.infotales.com/