All the Magento 2 websites based on the latest 2.1.6 and or an earlier version with the disabled «Add Secret Key to URLs» option are vulnerable to DC-2017-04-003 (Remote Code Execution, CSRF))
|
|
0
|
936
|
April 14, 2017
|
How are the setNoSecret() / getNoSecret() methods of the \Magento\Backend\Model\Url class used?
|
|
1
|
1249
|
May 21, 2016
|
How to skip adding the secret key to a programmatically built backend URL using the «_nosecret» parameter?
|
|
1
|
1824
|
May 30, 2016
|
How to remove the secret key from the backend URLs?
|
|
1
|
4574
|
May 21, 2016
|
How is the «Add Secret Key to URLs» backend option implemented and used?
|
|
1
|
3106
|
May 21, 2016
|
How is \Magento\Backend\Model\Url::useSecretKey() implemented and used?
|
|
1
|
2328
|
May 21, 2016
|