MD Quickview RCE vulnerability

RCE vulnerability in MD Quickview extension

MD Quickview extension (also distributed as Smartwave/Quickview or Sns/Quickview and similar Quickview extensions with various design themes such as Smartwave Porto or Sns Nova) is vulnerable to SQL injection. The vulnerability allows a remote attacker to take complete control over infected store after a single URL call. If you have Quickview extension installed in your shop please consider to immediately disable it and uninstall or patch later.

MD Quickview RCE vulnerability
1 vote, 3.00 avg. rating (72% score)
  • Nafiz

    how do i patch it?

  • Scode

    Hi Magentary. Occasionally when I run your patch tester it says my webstore has MD Quickview & EM Quickshop vulnerabilities. However when testing again that disappears and most scans don’t return it. I just see it every so often. Should I be concerned?

    In Magento backend System – Config – Advanced – Advanced I don’t see the two of them in the modules list. Would they be there if I had them? Thanks for clarifying.