FAILLE DE SECURITE JOOMLA
Event Registration Pro, 4.1.3 and previous, SQL Injection
Resolution: update to version 4.1.4
We have just released Event Registration Pro version 4.1.4.
This version addresses a priority security issue (SQL Injection vulnerability) that affects all previous versions of Reg Pro for Joomla 3 from version 3.0.0 through version 4.1.3.
At JoomlaShowroom.com we take security very seriously and we know that keeping your site secure is important to you and your client’s businesses.
All users of Event Registration Pro are encouraged to upgrade to this latest version. Members with an active subscription can log in and get this update from the downloads section of our website here.
An active subscription is required to access all updates, including security updates. If you have a subscription that is expired you can get a new subscription here.
If you are a developer that has used Event Registration Pro on your client’s website and you do not want to renew your own subscription then please do your client a favor and notify them about this important security update and encourage them to get their own subscription to access the security updates to keep their website secure.
There were also some additional bug fixes that were resolved in this new 4.1.4 version. The changelog is below.
Event Registration Pro 4.1.4 changelog
1. Fixed an issue related to ticket/additional items selections.
2. Fixed a problem with early bird discount calculations if a coupon code was used.
3. Fixed an issue with coupon codes when used were not showing on the event reports.
5. Update to the Google maps API.
6. Fixed an issue with tax not being sent to Paypal in some cases.
7. SECURITY FIX: We have addressed an SQL injection vulnerability that affects Joomla 3 versions of Reg Pro starting from version 3.0.0 through 4.1.3.
8. Fixed an issue with the date picker script that was causing issues in the admin when creating an event.
LAETITIA TIMONSupport technique et ingenierie WEB et sécurité
CMSGUARD vous accompagne dans le nettoyage et la sécurisation quotidienne de vos sites internet. Nous pilotons vos plateformes WEB par une expertise d’infogérence basée sur la sécurité et le White hacking.