All the Magento 2 websites based on the latest 2.1.6 and or an earlier version with the disabled «Add Secret Key to URLs» option are vulnerable to DC-2017-04-003 (Remote Code Execution, CSRF))
|
|
0
|
857
|
April 14, 2017
|
How are the setNoSecret() / getNoSecret() methods of the \Magento\Backend\Model\Url class used?
|
|
1
|
1178
|
May 21, 2016
|
How to skip adding the secret key to a programmatically built backend URL using the «_nosecret» parameter?
|
|
1
|
1648
|
May 30, 2016
|
How to remove the secret key from the backend URLs?
|
|
1
|
4490
|
May 21, 2016
|
How is the «Add Secret Key to URLs» backend option implemented and used?
|
|
1
|
3022
|
May 21, 2016
|
How is \Magento\Backend\Model\Url::useSecretKey() implemented and used?
|
|
1
|
2182
|
May 21, 2016
|