Follow Up Email Extension by Aheadworks: Vulnerability Issue

We've released a new version of the Follow Up Email extension that closes a recently discovered vulnerability. We strongly encourage all users of the extension to apply the fix.

Type: Controller vulnerability
Known Successful Attacks: None
Description: A potential vulnerability that allowed access to the file system was discovered and subsequently fixed in the latest version of the extension, in both the Community and Enterprise editions.
Products Affected:
  Follow Up Email CE 3.5.8 and above
  Follow Up Email EE 3.5.8 and above
Fixed in:
  CE 3.6.7
  EE 3.6.7
How to fix:
  Do nothing for versions 3.5.7 and below
  Download a patch if your support period is not active
  Update from customer area if your support period is active

Should you have any trouble with the update, contact our support.

How to apply the patch

  1. Disable compilation, if enabled (System->Tools->Compilation -> click the Disable button)
  2. Back up the following files:
    1. app/code/local/AW/Followupemail/controllers/IndexController.php
    2. app/code/local/AW/Followupemail/Helper/Image.php
  3. Extract the contents of the zip into your Magento root folder
  4. Refresh the cache (in System->Cache Management)
  5. Run the compilation process again, if needed (System->Tools->Compilation -> click the Run Compilation Process button)
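
The script below is an added example, not part of the original advisory and not Aheadworks code. It classifies an installed version against the ranges stated above and backs up the two files from step 2 before the zip is extracted. The function names are hypothetical, and reading the version from etc/config.xml assumes the usual Magento 1 module layout.

```sh
#!/bin/sh
# Added example (not Aheadworks code). Function names are hypothetical.

FUE_DIR=app/code/local/AW/Followupemail

# Turn MAJOR.MINOR.PATCH into one comparable integer; missing parts count as 0.
ver_num() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Classify a version using the ranges stated in the advisory.
fue_status() {
    case "$1" in ''|*[!0-9.]*) echo unknown; return 1 ;; esac
    v=$(ver_num "$1")
    if [ "$v" -lt "$(ver_num 3.5.8)" ]; then echo not-affected   # 3.5.7 and below
    elif [ "$v" -lt "$(ver_num 3.6.7)" ]; then echo affected     # 3.5.8 up to the fix
    else echo fixed                                              # 3.6.7 and above
    fi
}

# Assumption: the module declares its version in etc/config.xml (Magento 1 layout).
fue_installed_version() {
    cfg="$1/$FUE_DIR/etc/config.xml"
    [ -f "$cfg" ] || return 1
    sed -n 's:.*<version>\([0-9.]*\)</version>.*:\1:p' "$cfg" | head -n 1
}

# Copy the two files named in step 2 into DEST, keeping their relative paths.
fue_backup() {
    root=$1; dest=$2
    for f in controllers/IndexController.php Helper/Image.php; do
        src="$root/$FUE_DIR/$f"
        [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
        mkdir -p "$dest/$(dirname "$f")" && cp -p "$src" "$dest/$f" || return 1
    done
}

# Usage: sh fue_check.sh /path/to/magento  (no arguments: only defines functions)
if [ $# -ge 1 ]; then
    ver=$(fue_installed_version "$1") || { echo "module not found in $1" >&2; exit 2; }
    status=$(fue_status "$ver") || true
    echo "Follow Up Email $ver: $status"
    if [ "$status" = affected ]; then fue_backup "$1" "./fue-backup"; fi
fi
```

Only the "affected" result calls for the patch or update; the backup gives a known-good copy to restore if the extracted files cause problems.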