We found a critical vulnerability in the Keitaro component which might give access to the control panel (/admin).
How to fix it
- Update to 7.7.10
- Add HTTP-authentication to /admin
How to update 6.7.1
- Download file http://keitaro.io/uploads/index.phtml.txt
- Replace the existing file application/views/updates/index.phtml
- Go to “Updates” and press “Update”
HTTP-authentication for Apache
You can generate the .htaccess and .htpasswd files here:
http://tools.dynamicdrive.com/password/
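
A minimal .htaccess for the HTTP-authentication step above, as an added example that is not part of the original advisory. It assumes /admin is served from a real directory where this file is placed; the AuthUserFile path and the realm name are placeholders.

```apache
# Place as admin/.htaccess.
# Assumption: /admin maps to a real directory and the server's
# AllowOverride setting permits AuthConfig for it.

# Ask the browser for a username and password (HTTP Basic authentication).
AuthType Basic

# Realm text shown in the login prompt (placeholder name).
AuthName "Restricted"

# Placeholder path: keep .htpasswd outside the web root so it can
# never be downloaded through the site.
AuthUserFile /path/outside/webroot/.htpasswd

# Any user listed in the .htpasswd file may enter; everyone else gets 401.
Require valid-user
```

Basic authentication sends the password base64-encoded with every request, so serve /admin over HTTPS.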