Possible exploit in admin_ajax.php
  • markdaps
    Posts: 21
    Joined: February 5th, 2021, 7:31 pm

    Possible exploit in admin_ajax.php

    by markdaps » February 7th, 2021, 9:36 am

    Hi,

    A malware server scan has reported an exploit for 'php.isset.post.post.fopen.post' in file 'admin_ajax.php' located in /cp folder.
    Mark M | Web Developer
  • administrator
    Site Admin
    Posts: 27
    Joined: February 4th, 2021, 2:08 pm

    Re: Possible exploit in admin_ajax.php

    by administrator » February 7th, 2021, 4:01 pm

    Don't worry about that. Without login nobody can access the ajax; there are session guards over there and CSRF token protection, so security is not an issue on that. If you want to, if you know how the ajax works, you also know isset, POST, GET, fopen and close are on the backend in every PHP application.
  • markdaps
    Posts: 21
    Joined: February 5th, 2021, 7:31 pm

    Re: Possible exploit in admin_ajax.php

    by markdaps » February 7th, 2021, 9:16 pm

    Ok, thanks.
    Mark M | Web Developer
  • markdaps
    Posts: 21
    Joined: February 5th, 2021, 7:31 pm

    Re: Possible exploit in admin_ajax.php

    by markdaps » February 10th, 2021, 3:13 pm

    An update about this.

    The malware scanner on the server was reporting a false positive.

    A tech guy looked over the file and after confirming this to be safe, whitelisted the file.

    You may have to do the same for your hosting company.
    Mark M | Web Developer
