• jon@lemmy.tf · 22 points · 1 year ago

    Maybe someone should fork Opencart and patch the security vulnerabilities and try to drive people away from this guy’s repo, since he’s just combative anytime someone raises a concern.

    Or quit using his code altogether.

    • phx@lemmy.ca · 14 points · 1 year ago

      Given a rant like this I wouldn’t be trusting his code. Admin access to a backend and the ability to write to the underlying filesystem and configs are two different layers. Yeah, in many cases they may be the same admin, but not necessarily. It also means a compromised admin UI user can modify the underlying system to hide their tracks.

      It’s like saying it’s ok to have a hypervisor breakout because it requires you to have root in the underlying VM to exploit and only trusted admins have root…