Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Security leak using http://yoursite.com/admin/orders.php/login.php


Recommended Posts

I have just found out that there is a security weakness on my site. When someone types in http://yoursite.com/admin/orders.php/login.php they can see all my orders. How can I close this hole. I am going to rename the admin to hide it but I would still like to close this hole.


Anyone got any ideas?





Link to comment
Share on other sites

This thread is PINNED in the security area. If you have NOT read the security threads then your site is vulnerable !!!





I guess reading the security thread beats migrating to Magento. Do you know what post addresses the htaccess solution? I'd like to get that patched up first.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...