During detailed testing we found that recent upgrades to our frameworks have opened a potential security hole that allows a regular frontend user to gain admin privileges. The twist is that the user can do this without logging in to the admin section.
Our testing identified one very specific method of performing this security bypass. It works only when all of the fixed constraints of that method are met.
What needs to be done now?
However difficult the process may be, this is still a very severe security breach and should not be taken lightly.
Based on all the scenarios our team found, we are providing a security release for each affected product. The table below shows which versions include the security fixes.
| Product | Versions with the security fix |
|---|---|
| PayPlans * | 2.4.9, 3.0.8, 3.1.2 & above |
| PayInvoice | 1.0.4 & above |
* If you are using PayPlans 2.3 or a lower version on Joomla 1.5, this issue is not present. If you are using these versions on Joomla 2.5, please contact us.
We sincerely ask all of our friends and users not to panic, and to upgrade immediately to the security release for the specific version you are currently using.
Unlike the other products, PayPlans has many versions, all of which can be easily upgraded and managed using the installer. You can refer to our video tutorial guide on Using PayPlans Installer, which walks you through the upgrade.
Please contact us if you have any doubts about the installation process or if you would like our help with it. We will be very glad to help you out.