Description
We have updated the logic in the following files:
admin_db_query.php - now reads all of its data from POST only.
admin_login.php - 1) disabled the automatic re-post that happened when a user tried to run an SQL query after being logged out; 2) removed the 'operation' parameter from the URL.
Solution
http://www.viart.com/downloads/admin_login-4.0.8.zip
http://www.viart.com/downloads/admin_db_query-4.0.8.zip
Download the files above and extract 'admin_login.php' and 'admin_db_query.php' into the 'admin' folder of your shop, replacing the existing files.
Important! We always recommend changing the 'admin' folder name so that an attacker does not know your admin location path and cannot generate false URLs for CSRF attacks.
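
The pattern behind the two changes listed under Description, as an added PHP sketch (not ViArt's code): the query handler reads only the POST body, and a request made after logout is sent to the login page without being replayed. The field names, session keys, the `admin.php` landing page and the per-session token check are assumptions that do not come from this page.

```php
<?php
// Added illustration, not ViArt's code. All field, key and file names are hypothetical.

// Pattern for the query page: input is taken from the POST body only.
function read_query_request(string $method, array $get, array $post, array $session): array
{
    // $get is accepted here only to show that it is never consulted.
    if ($method !== 'POST') {
        return ['ok' => false, 'reason' => 'method not allowed'];
    }
    if (empty($session['admin_id'])) {
        // Logged out: go to the login page and drop the pending query.
        return ['ok' => false, 'reason' => 'login required', 'redirect' => 'admin_login.php'];
    }
    // Assumption beyond the page: a per-session token, compared in constant time.
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return ['ok' => false, 'reason' => 'bad token'];
    }
    $sql = $post['sql_query'] ?? '';
    return ['ok' => true, 'sql' => is_string($sql) ? $sql : ''];
}

// Pattern for the login page: after a successful login the landing page is
// fixed; nothing from the interrupted request (no 'operation', no SQL) is replayed.
function after_login_target(array $interruptedRequest): string
{
    return 'admin.php'; // hypothetical landing page
}

// Constructed sample requests.
$session = ['admin_id' => 7, 'csrf_token' => bin2hex(random_bytes(16))];
$cases = [
    'GET with query in URL' => ['GET', ['sql_query' => 'SELECT 1'], [], $session],
    'POST after logout'     => ['POST', [], ['sql_query' => 'SELECT 1'], []],
    'POST without token'    => ['POST', [], ['sql_query' => 'SELECT 1'], $session],
    'POST with token'       => ['POST', [], ['sql_query' => 'SELECT 1', 'csrf_token' => $session['csrf_token']], $session],
];
foreach ($cases as $name => $args) {
    echo $name, ': ', json_encode(read_query_request(...$args)), "\n";
}
echo 'after login: ', after_login_target(['operation' => 'run', 'sql_query' => 'SELECT 1']), "\n";
```

Only the last sample request is accepted; the other three are refused before any SQL text is read.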