Extract 'admin_header.php' into the 'admin' folder, and 'previews_functions.php' and 'ajax_list_tree.php' into the 'includes' folder of your shop, replacing the existing files.
2) We also recommend turning off the register_globals option in the PHP configuration to rule out this possibility entirely:
register_globals = Off
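One way to check that the setting above is really off everywhere PHP can pick it up (an added example, not part of the original notice or the shop's code): register_globals can also be switched on per directory through .htaccess or .user.ini, so this script lists every such file under a directory whose last effective setting enables it. The function name and the set of file names searched are this example's own choices.

```shell
#!/bin/sh
# Added example: list config files under a directory that enable
# register_globals. Handles php.ini / .user.ini syntax
# ("register_globals = On") and Apache .htaccess syntax
# ("php_flag register_globals on", "php_value register_globals 1").

audit_register_globals() {
    # $1 = directory to scan (for example the web root of the shop)
    find "$1" -type f \( -name 'php.ini' -o -name '.user.ini' \
                         -o -name '.htaccess' \) -print |
    LC_ALL=C sort |
    while IFS= read -r f; do
        awk -v file="$f" '
            # Drop comments (";" in ini files, "#" in .htaccess).
            { sub(/[;#].*/, "") }

            # ini style: register_globals = <value>
            tolower($0) ~ /^[ \t]*register_globals[ \t]*=/ {
                split($0, kv, "=")
                v = kv[2]
            }

            # .htaccess style: php_flag|php_value register_globals <value>
            tolower($1) ~ /^php_(flag|value)$/ &&
            tolower($2) == "register_globals" { v = $3 }

            # The last assignment in a file wins. Anything PHP could read
            # as "enabled" is reported (deliberately broad for an audit).
            END {
                gsub(/[ \t\r"]/, "", v)
                v = tolower(v)
                if (v == "on" || v == "1" || v == "true" || v == "yes")
                    print file
            }' "$f"
    done
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_register_globals "$1"
fi
```

An empty result means none of the scanned files turns the option on. The main server configuration and the php.ini actually loaded by the web server sit outside the shop directory and need the same check.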
Last modified: 1 Oct 2012 4:16 PM
David (Guest)
29 Sep 2012 1:13 AM
includes/ajax_list_tree.php
includes/previews_functions.php
These 2 files also have the same vulnerability, please patch also.
One of our stores is now under attack via previews_functions.php
Our site got hacked yesterday morning, quite possibly due to one of these vulnerabilities. Is there a way I can be updated via email or rss about new patches?
tiff (Guest)
2 Oct 2012 5:13 PM
Does this apply to 3.4.7?
Vito
2 Oct 2012 5:43 PM
Does this apply to 3.4.7?
No, it doesn't
Metz
2 Oct 2012 6:14 PM
If our register_globals are off, is there still a concern?
Also, if we haven't upgraded to 4.1, will these patches mess up anything in 4.0.8?
Thanks!
nuweb (Guest)
2 Oct 2012 10:01 PM
Why is the 3.6 patch for this malware remote inclusion listed within the 4.1 patches, and now also displayed in the 3.6 patch list?