• floofloof@lemmy.ca · 17 points · 1 year ago

      Wow, his response. Someone needs to fork this project because this guy isn’t living in the real world.

    • Skull giver@popplesburger.hilciferous.nl · 9 up / 3 down · edited · 1 year ago

      Nah, I’m with this dev on this one.

      To make this work, you need the session cookie of an admin, or be able to set the cookie on an admin’s computer. This “attack” works against almost any website, including Lemmy. In fact, the requirement for the URL token makes OpenCart more secure than 90% of websites out there.

      He sure didn’t respond professionally, but if this is the kind of “security vulnerabilities” he has to deal with every day, I totally understand.

      There are bigger OpenCart issues that do warrant a better response, of course.