Email a Friend

  • Matt Bean
  • Matt Bean's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 year 7 months ago #90013 by Matt Bean
Email a Friend was created by Matt Bean
The Email a Friend function has a vulnerability. I found my site was sending out spam emails via the scripts for this feature. I had to go into the files and delete the emailFriend.php file and all related functions of emailafriend in other files (then clear your sites cache).

Please be aware that if you do not delete this then your site will be used to send spam and your IP's will be blacklisted more than likely. Right now the developer is aware and he said there is not a solution to fix this problem as of yet.

Please Log in or Create an account to join the conversation.

  • Impression eStudio
  • Offline
  • Senior Boarder
  • Senior Boarder
More
3 months 3 days ago - 3 months 3 days ago #111042 by Impression eStudio
Replied by Impression eStudio on topic Email a Friend
The same just happened to me.
I hope the latest versions (newer than 2.8.0) have this fixed.

As the hosting company said the spam emails are being send through the following link:
index.php?option=com_eshop&task=product.processEmailAFriend&lang=en

I renamed the file "components\com_eshop\themes\default\views\product\emailafriend.php" to something else.
I commented the code of the function "processEmailAFriend" in the file "components\com_eshop\models\product.php".
I hope this is enough.
Last edit: 3 months 3 days ago by Impression eStudio.

Please Log in or Create an account to join the conversation.

Moderators: Giang Dinh Truong