Update on Security Fix for Product Stock Notification Extension
Issue faced: One of our client has faced a recent hacking attack by SQL injection via form input fields.
Case 1: You purchased the extension and never required a support
If you never required our support for the installation of the extension it means the extension worked perfectly for you. In this case you can directly download the extension and re-install the extension. However reinstallation might delete your old records of this extension.
Case 2: You purchased the extension and recieved support
In this case, you have vqmod files exclusively modified for your website template. Therefore you cannot reinstall the extension by yourself, you may need to submit a support ticket to make the appropriate changes for you by us. The service is free if your purchase is not older than 6 months. If it is older than 6 months, an additional $5 need to pay for the upgradation service.
The important changes are done in catalog/controller/product/product_oosn.php
- Inputs are validated
- Inputs are db escaped before inserting into your database.