• Status: Closed

FS#9978 - vulnerability

I have just received an e-mail from Envato saying that a severe vulnerability has been discovered in Alysum, and they suggest updating it ASAP.
I have version Alysum v.4.5 but if I go into the module in my ps bo I don't see any update available.
Could you please help to fix the vulnerability?
Best Regards

Ticket dependencies:

Depends on  FS#9975 - vulnerability  
Alex Support (Admin)
Monday, 17 October 2016, 18:24 GMT+2
Support Team

Hi. As far as I know, we didn't get any email from Envato.
Please forward this email to me at [email protected]

matteo cirio (matteocirio)
Monday, 17 October 2016, 18:29 GMT+2

Forwarded. Please let me know what to do.

JL Artiaga (jlartiaga)
Monday, 17 October 2016, 20:05 GMT+2

I've just received the same mail from Envato and it apparently looks reliable, but I can't access any update from you. Please help ASAP.

Alex Support (Admin)
Monday, 17 October 2016, 20:42 GMT+2
Support Team

Hi. Don't worry about that. Our developer will answer here soon.

Marek (marek)
Monday, 17 October 2016, 22:28 GMT+2
Support Team

The security issue was in the FlexMenu module with the upload feature. For now the issue is fixed and you just need to update two files:

- modules/pk_flexmenu/ajax/upload.php
- modules/pk_flexmenu/pk_flexmenu.php

JL Artiaga (jlartiaga)
Monday, 17 October 2016, 22:36 GMT+2

Thank you. Where or how can we update those two files?

Marek (marek)
Monday, 17 October 2016, 22:37 GMT+2
Support Team

Go to ThemeForest and download the latest Alysum version.

Caroline (Des fleurs des fleurs etc)
Monday, 17 October 2016, 23:04 GMT+2


I have Alysum 2.0. Do I have to switch to another version...?


matteo cirio (matteocirio)
Tuesday, 18 October 2016, 09:56 GMT+2

OK. Done. Thanks

Marek (marek)
Tuesday, 18 October 2016, 10:37 GMT+2
Support Team

No. I can update those two files directly on your server. Or did you already do that?

matteo cirio (matteocirio)
Tuesday, 18 October 2016, 10:48 GMT+2

Hello Marek,
could you please tell me to whom your answer is addressed? If it is addressed to me, what I did was download the Alysum theme from Envato and then overwrite on my servers these 2 files: - modules/pk_flexmenu/ajax/upload.php
with the 2 files coming from the last version downloaded from Envato. Could you please check if the files on my servers contain the fix for the vulnerability issue?

Marek (marek)
Tuesday, 18 October 2016, 10:50 GMT+2
Support Team

Sorry, I wrote to Caroline.
To Matteo: Yes, you already have the fixed version of the menu.

Caroline (Des fleurs des fleurs etc)
Tuesday, 18 October 2016, 14:45 GMT+2

Hello Marek

If you can do it for me it's ok...

Thank you

emil (emil)
Tuesday, 18 October 2016, 17:59 GMT+2

Can you update the security fix on my server as well? I posted details in the back-office. I cannot log in to ThemeForest anymore, tried on 2 computers. It complains about adblock, which I don't have.

Marek (marek)
Tuesday, 18 October 2016, 22:16 GMT+2
Support Team

Hi Emil.
I don't see the Flex Menu module on your server in this folder /lash.se/modules

Marek (marek)
Tuesday, 18 October 2016, 22:26 GMT+2
Support Team

Hi Caroline.
Your Flex Menu has been updated.

Caroline (Des fleurs des fleurs etc)
Wednesday, 19 October 2016, 23:16 GMT+2

Thank you Marek !

Guibert (Gunnm74)
Thursday, 20 October 2016, 20:53 GMT+2

Hi Marek,
I have version 2.7. To update these 2 files, should I take these files from version 2.9 or from version 4.6?

Thanks in advance.

Alex Support (Admin)
Saturday, 22 October 2016, 15:41 GMT+2
Support Team

Hi Guibert, you can copy the fixed files and check (back up the old files before that). It should work. If it doesn't work, write back to us and we will help.