Because we take the safety of our products seriously, Aheadworks is releasing one more security patch for our Follow Up Email extension for Magento 1 stores.
Further tests showed that the extension contains additional potential vulnerabilities that could give cyber criminals access to the Magento file system. In the affected versions of the extension (3.5.8 and above), attackers were likely able to create and read files through the discovered controller vulnerability.
The latest patch closes this vulnerability and resolves some other security issues.
We recommend that you download and install the latest patch for the Follow Up Email extension to ensure your data security. Alternatively, you can update the module to version 3.6.7.
- Download the patch (inactive support period);
- Update the extension (active support period).
How to Apply the Patch
- Disable compilation, if enabled (System->Tools->Compilation->click the Disable button);
- Back up the following files: app/code/local/AW/Followupemail/controllers/IndexController.php and app/code/local/AW/Followupemail/Helper/Image.php;
- Extract the contents of the zip to your Magento root folder;
- Refresh the cache (System->Cache Management);
- Run the compilation process again, if needed (System->Tools->Compilation->click the Run Compilation Process button).
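
The backup step and a post-extraction check, as an added example that is not Aheadworks' code: it copies the two files named above into a backup directory and, once the zip has been extracted, confirms that both live files now differ from the backups. The function names are hypothetical, and the check assumes the patch replaces both backed-up files.

```shell
#!/bin/sh
# Files the advisory says to back up, relative to the Magento root
# (written with Magento's lowercase app/ directory).
FUE_FILES="app/code/local/AW/Followupemail/controllers/IndexController.php
app/code/local/AW/Followupemail/Helper/Image.php"

# fue_backup MAGENTO_ROOT BACKUP_DIR  (hypothetical helper)
# Copies both files into BACKUP_DIR, keeping their relative paths.
# Fails if a file is missing (wrong root, or extension not installed).
fue_backup() {
    root=$1; dest=$2
    for f in $FUE_FILES; do
        [ -f "$root/$f" ] || { echo "missing: $root/$f" >&2; return 1; }
        mkdir -p "$dest/$(dirname "$f")" || return 1
        cp -p "$root/$f" "$dest/$f" || return 1
    done
}

# fue_verify_patched MAGENTO_ROOT BACKUP_DIR  (hypothetical helper)
# Run after extracting the zip. Succeeds only if every live file exists,
# has a backup to compare against, and differs from that backup.
# Assumption: the patch zip overwrites both backed-up files.
fue_verify_patched() {
    root=$1; dest=$2; rc=0
    for f in $FUE_FILES; do
        if [ ! -f "$dest/$f" ]; then
            echo "no backup to compare: $f" >&2; rc=1
        elif [ ! -f "$root/$f" ]; then
            echo "missing after extraction: $f" >&2; rc=1
        elif cmp -s "$root/$f" "$dest/$f"; then
            echo "unchanged, patch not applied?: $f" >&2; rc=1
        fi
    done
    return $rc
}
```

Call `fue_backup` before extracting the zip and `fue_verify_patched` with the same two arguments afterwards; a non-zero exit from the second call means at least one file was not replaced.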
If you have any questions regarding the above security issue, please contact our support team.