On November 11th, our Team uncovered a major vulnerability in the OpenCart based Joomla Extensions MijoShop and AceShop that allows any malicious user to get access to your website.
Update - Mijoshop 2.5.2 is out including the fix for this issue. We urge users that have active subscription to download the official update from the developer website.
To fix this vulnerability please do the following:
Unzip it - it should contain a single XML file ace_mijo_vulnerability_patch.xml
2. Login into your admin backend and go to Opencart VQMod manager (System/VQmod Manager)
3. Upload the patch
4. Check that the patch appears in the VQMOD list
This should make sure that you are safe until the developers address this vulnerability, hopefully as soon as possible.